Sysadmin News » Highly critical Vulnerability in OpenOffice

« Extremely Critical Header Buffer Overflow in Apple QuickTime RTSP “Content-Type” iPhone: target for hackers next year »

Dec 07 2007

Profile Image of MuZumbu
MuZumbu

Highly critical Vulnerability in OpenOffice

Posted at 10:48 am under Secunia

Secunia Advisory:	SA27928
Release Date:	2007-12-05
Last Update:	2007-12-07

Critical:	Highly critical
Impact:	System access
Where:	From remote
Solution Status:	Vendor Patch

Software:	OpenOffice.org 2.x

CVE reference:	CVE-2007-4575 (Secunia mirror)



Description: A vulnerability has been reported in OpenOffice, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to the improper enforcing of security restrictions when passing SQL queries to the HSQLDB database engine. This can be exploited to call arbitrary static Java methods by tricking the user into executing a specially crafted SQL query contained within a database document. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2.3.0. Prior versions are also reportedly affected. Solution: Update to version 2.3.1 (HSQLDB 1.8.0.9). http://download.openoffice.org/index.html Provided and/or discovered by: Reported by the vendor.

No responses yet

Trackback URI | Comments RSS

Leave a Reply

You must be logged in to post a comment.

Archives
September 2008

M T W T F S S

« Jul

1 2 3 4 5 6 7

8 9 10 11 12 13 14

15 16 17 18 19 20 21

22 23 24 25 26 27 28

29 30

"