Multiple vulnerabilities in Apache OpenOffice

Description

Multiple serious vulnerabilities have been found in Apache OpenOffice. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensetive information. Below is a complete list of vulnerabilities:

1. An unspecified vulnerability in embedded object rendering process can be exploited remotely via crafted file to obtain sensetive information;
2. An Out-of-Bounds write vulnerability in OpenOffice Writer DOC file parcer and specifically in the WW8Fonts Constructor can be exploited remotely via crafted file to cause arbitrary code potentially resulting in arbitrary code execution.

Original advisories

• CVE-2017-3157: Arbitrary file disclosure in Calc and Writer

• CVE-2017-9806: Out-of-Bounds Write in Writer’s WW8Fonts Constructor

Related products

• OpenOffice.org

CVE list

• CVE-2017-3157
  warning
• CVE-2017-9806
  high

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com