KLA10855
Memory corruption vulnerability in Apache OpenOffice
Обновлено: 17/06/2019
Дата обнаружения
21/07/2016
Уровень угрозы
High
Описание

An unspecified vulnerability was found in Apache OpenOffice Impress. By exploiting this vulnerability malicious users can cause denial of service or execute arbitrary code. This vulnerability can be exploited remotely via a specially designed .ODP and .OTP files.


Technical details

An exploitable out-of-bounds vulnerability occurs while handling MetaActions.

Vulnerability is related to files:

  1. maintoolssourcegenericpoly2.cxx (see lines 217-230);
  2. mainvclsourcegdimetaact.cxx (see line 1189).
Пораженные продукты

Apache OpenOffice versions 4.1.2 and earlier
OpenOffice.org versions

Решение

Avoid to use Apache OpenOffice Impress within untrusted files. Install updates as soon as developer will release it. For further instructions take a look at original advisory.

Первичный источник обнаружения
Original Apache advisory
Оказываемое влияние
?
ACE 
[?]

DoS 
[?]
Связанные продукты
OpenOffice.org
Apache OpenOffice
CVE-IDS