| <!DOCTYPE html> |
| <html> |
| <head> |
| <title>CVE-2016-1513</title> |
| <style type="text/css"></style> |
| </head> |
| |
| <body> |
| <!-- These were previously defined as XHTML pages. The current wrapping |
| for the site introduces HTML5 headers and formats. This version is |
| modified to match the wrapping that is done as part of publishing |
| this page and not rely on any particular styling beyond <p>. |
| --> |
| |
| <p> |
| <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1513"> |
| CVE-2016-1513</a> |
| </p> |
| |
| <p> |
| <a href="https://www.openoffice.org/security/cves/CVE-2016-1513.html"> |
| Apache OpenOffice Advisory</a> |
| </p> |
| |
| <p> |
| <strong>Memory Corruption Vulnerability (Impress Presentations)</strong> |
| </p> |
| |
| <p> |
| <strong>Version 3.0</strong> |
| </p> |
| |
| <p> |
| Updated October 11, 2016<br /> |
| Updated August 30, 2016<br /> |
| Announced July 21, 2016 |
| </p> |
| |
| <p> |
| <strong>Description</strong> |
| </p> |
| |
| <p> |
| An OpenDocument Presentation .ODP or Presentation Template .OTP file |
| can contain invalid presentation elements that lead to memory |
| corruption when the document is loaded in Apache OpenOffice Impress. |
| The defect may cause the document to appear as corrupted and |
| OpenOffice may crash in a recovery-stuck mode requiring manual |
| intervention. A crafted exploitation of the defect can allow an |
| attacker to cause denial of service (memory corruption and |
| application crash) and possible execution of arbitrary code. |
| </p> |
| <p>Impress cannot be used to directly produce documents having the |
| CVE-2016-1513-related defect. Impress-authored .ODF and .ODT |
| documents of an user's own that exhibit any of these characteristics |
| are not the result of an exploit. They may be consequences |
| of a separate Impress defect that should be reported. |
| </p> |
| |
| <p> |
| <strong>Severity: Medium</strong> |
| </p> |
| |
| <p>There are no known exploits of this vulnerabilty.<br /> |
| A proof-of-concept demonstration exists. |
| </p> |
| |
| <p> |
| <strong>Vendor: The Apache Software Foundation</strong> |
| </p> |
| |
| <p> |
| <strong>Versions Affected</strong> |
| </p> |
| |
| <p> |
| All Apache OpenOffice versions 4.1.2 and older are affected.<br /> |
| OpenOffice.org versions are also affected. |
| </p> |
| |
| <p> |
| <strong>Mitigation</strong> |
| </p> |
| |
| <p> |
| Install Apache OpenOffice 4.1.3 for the latest maintenance and |
| cumulative security fixes. Use the Apache OpenOffice |
| <a href="https://www.openoffice.org/download/">download page</a> |
| <br /><br /> |
| Users of Apache OpenOffice 4.1.2 that cannot update to 4.1.3 |
| can Install the 4.1.2-patch1 Hotfix available at |
| <a href="http://archive.apache.org/dist/openoffice/4.1.2-patch1/hotfix.html">http://archive.apache.org/dist/openoffice/4.1.2-patch1/hotfix.html</a>. |
| <br /><br /> |
| A source-code patch that blocks the vulnerability has been developed and is available for developers at <a href="https://bz.apache.org/ooo/show_bug.cgi?id=127045">issue 127045</a> with SVN revision |
| <a href="http://svn.apache.org/viewvc?view=revision&revision=1754535">1754535</a>. |
| <br /><br /> |
| Antivirus products can detect documents attempting to exploit this vulnerability by employing Snort Signature IDs 35828-35829. |
| </p> |
| |
| <p> |
| <strong>Defenses and Work-Arounds</strong> |
| </p> |
| |
| <p> |
| If you are unable to update, there are other precautions that |
| can be taken. These precausions are recommended for all users |
| of all versions of Apache OpenOffice, including the latest |
| available. |
| <br /><br /> |
| Avoid operating Apache OpenOffice (and any other personal |
| productivity programs) under a computer account that has |
| administrative privileges of any kind. While installation of |
| Apache OpenOffice requires elevated privileges and user permission |
| on platforms such as Microsoft Windows, operation of the software |
| does not. |
| <br /><br /> |
| Keeping antivirus/antimalware software current is also important. |
| This will serve to identify and distinguish suspicious documents |
| that involve the exploit, avoiding confusion with documents that |
| are damaged and/or fail for other reasons. |
| </p> |
| |
| <p> |
| <strong>Further Information</strong> |
| </p> |
| |
| <p> |
| For additional information and assistance, consult the |
| <a href="https://forum.openoffice.org/">Apache OpenOffice |
| Community Forums</a>, or make requests to the |
| <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a> |
| public mailing list. Defects not involving suspected security |
| vulnerabilities can be reported with a normal issue via |
| <a href="https://www.openoffice.org/qa/issue_handling/pre_submission.html">Bugzilla</a>. |
| </p> |
| |
| <p> |
| The latest information on Apache OpenOffice security bulletins can |
| be found at the |
| <a href="https://www.openoffice.org/security/bulletin.html"> |
| Bulletin Archive page</a>. |
| </p> |
| |
| <p> |
| <strong>Credits</strong> |
| </p> |
| |
| <p> |
| The Apache OpenOffice project acknowledges the discovery and analysis for CVE-2016-1513 by Yves Younan and Richard Johnson of Cisco Talos. |
| </p> |
| |
| <hr /> |
| |
| <p> |
| <a href="https://www.openoffice.org/security/">Security Home</a> |
| -> <a href="https://www.openoffice.org/security/bulletin.html"> |
| Bulletin</a> |
| -> <a href="https://www.openoffice.org/security/cves/CVE-2016-1513.html"> |
| CVE-2016-1513</a> |
| </p> |
| |
| </body> |
| </html> |