content/security/cves/CVE-2013-2189.html - openoffice-org - Git at Google

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head profile="http://www.w3.org/2005/10/profile">
     <title>CVE-2013-2189</title>
     <style type="text/css"></style>
 </head>

 <body>
     <h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2189">CVE-2013-2189</a></h2>

     <h3>OpenOffice DOC Memory Corruption Vulnerability</h3>

     <ul>
     <h4>Severity: Important</h4>
     <h4>Vendor: The Apache Software Foundation</h4>
     <h4>Versions Affected:</h4>
         <ul>
         <li>Apache OpenOffice 3.4.0 to 3.4.1, on all platforms.</li>
         <li>Earlier versions may be also affected.</li>
     </ul>

     <h4>Description:</h4>
     <p>The vulnerability is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file.
     Specially crafted documents can be used for denial-of-service attacks.
     Further exploits are possible but have not been verified.

     <h4>Mitigation</h4>
     <p>Apache OpenOffice 3.4 users are advised to <a href="http://download.openoffice.org">upgrade to Apache OpenOffice 4.0</a>.
     Users who are unable to upgrade immediately should be cautious when opening untrusted documents.

     <h4>Credits</h4>
     <p>The Apache OpenOffice security team credits Jeremy Brown of Microsoft Vulnerability Research as the discoverer of this flaw.</p>

     <hr />

     <p><a href="http://security.openoffice.org">Security Home</a>
     -&gt; <a href="http://security.openoffice.org/security/bulletin.html">Bulletin</a>
     -&gt; <a href="http://security.openoffice.org/security/cves/CVE-2013-2189.html">CVE-2013-2189</a></p>
 </body>
 </html>
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
	<html xmlns="http://www.w3.org/1999/xhtml">
	<head profile="http://www.w3.org/2005/10/profile">
	<title>CVE-2013-2189</title>
	<style type="text/css"></style>
	</head>

	<body>
	<h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2189">CVE-2013-2189</a></h2>

	<h3>OpenOffice DOC Memory Corruption Vulnerability</h3>

	<ul>
	<h4>Severity: Important</h4>
	<h4>Vendor: The Apache Software Foundation</h4>
	<h4>Versions Affected:</h4>
	<ul>
	<li>Apache OpenOffice 3.4.0 to 3.4.1, on all platforms.</li>
	<li>Earlier versions may be also affected.</li>
	</ul>

	<h4>Description:</h4>
	<p>The vulnerability is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file.
	Specially crafted documents can be used for denial-of-service attacks.
	Further exploits are possible but have not been verified.

	<h4>Mitigation</h4>
	<p>Apache OpenOffice 3.4 users are advised to <a href="http://download.openoffice.org">upgrade to Apache OpenOffice 4.0</a>.
	Users who are unable to upgrade immediately should be cautious when opening untrusted documents.

	<h4>Credits</h4>
	<p>The Apache OpenOffice security team credits Jeremy Brown of Microsoft Vulnerability Research as the discoverer of this flaw.</p>

	<hr />

	<p><a href="http://security.openoffice.org">Security Home</a>
	-> <a href="http://security.openoffice.org/security/bulletin.html">Bulletin</a>
	-> <a href="http://security.openoffice.org/security/cves/CVE-2013-2189.html">CVE-2013-2189</a></p>
	</body>
	</html>