KLA10855
Memory corruption vulnerability in Apache OpenOffice

An unspecified vulnerability was found in Apache OpenOffice Impress. By exploiting this vulnerability malicious users can cause denial of service or execute arbitrary code. This vulnerability can be exploited remotely via a specially designed .ODP and .OTP files.

Technical details

An exploitable out-of-bounds vulnerability occurs while handling MetaActions.

Vulnerability is related to files:

1. maintoolssourcegenericpoly2.cxx (see lines 217-230);
2. mainvclsourcegdimetaact.cxx (see line 1189).

Apache OpenOffice versions 4.1.2 and earlier
OpenOffice.org versions

Avoid to use Apache OpenOffice Impress within untrusted files. Install updates as soon as developer will release it. For further instructions take a look at original advisory.