FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openoffice -- DOC document heap overflow vulnerability

Affected packages
		ar-openoffice	<	1.1.4_2
2.*	<	ar-openoffice	<=	2.0.20050406
		ca-openoffice	<	1.1.4_2
2.*	<	ca-openoffice	<=	2.0.20050406
		cs-openoffice	<	1.1.4_2
2.*	<	cs-openoffice	<=	2.0.20050406
		de-openoffice	<	1.1.4_2
2.*	<	de-openoffice	<=	2.0.20050406
		dk-openoffice	<	1.1.4_2
2.*	<	dk-openoffice	<=	2.0.20050406
		el-openoffice	<	1.1.4_2
2.*	<	el-openoffice	<=	2.0.20050406
		es-openoffice	<	1.1.4_2
2.*	<	es-openoffice	<=	2.0.20050406
		et-openoffice	<	1.1.4_2
2.*	<	et-openoffice	<=	2.0.20050406
		fi-openoffice	<	1.1.4_2
2.*	<	fi-openoffice	<=	2.0.20050406
		fr-openoffice	<	1.1.4_2
2.*	<	fr-openoffice	<=	2.0.20050406
		gr-openoffice	<	1.1.4_2
2.*	<	gr-openoffice	<=	2.0.20050406
		hu-openoffice	<	1.1.4_2
2.*	<	hu-openoffice	<=	2.0.20050406
		it-openoffice	<	1.1.4_2
2.*	<	it-openoffice	<=	2.0.20050406
		ja-openoffice	<	1.1.4_2
2.*	<	ja-openoffice	<=	2.0.20050406
		jp-openoffice	<	1.1.4_2
2.*	<	jp-openoffice	<=	2.0.20050406
		ko-openoffice	<	1.1.4_2
2.*	<	ko-openoffice	<=	2.0.20050406
		kr-openoffice	<	1.1.4_2
2.*	<	kr-openoffice	<=	2.0.20050406
		nl-openoffice	<	1.1.4_2
2.*	<	nl-openoffice	<=	2.0.20050406
		openoffice	<	1.1.4_2
2.*	<	openoffice	<=	2.0.20050406
		pl-openoffice	<	1.1.4_2
2.*	<	pl-openoffice	<=	2.0.20050406
		pt-openoffice	<	1.1.4_2
2.*	<	pt-openoffice	<=	2.0.20050406
		pt_BR-openoffice	<	1.1.4_2
2.*	<	pt_BR-openoffice	<=	2.0.20050406
		ru-openoffice	<	1.1.4_2
2.*	<	ru-openoffice	<=	2.0.20050406
		se-openoffice	<	1.1.4_2
2.*	<	se-openoffice	<=	2.0.20050406
		sk-openoffice	<	1.1.4_2
2.*	<	sk-openoffice	<=	2.0.20050406
		sl-openoffice-SI	<	1.1.4_2
2.*	<	sl-openoffice-SI	<=	2.0.20050406
		sl-openoffice-SL	<	1.1.4_2
2.*	<	sl-openoffice-SL	<=	2.0.20050406
		tr-openoffice	<	1.1.4_2
2.*	<	tr-openoffice	<=	2.0.20050406
		zh-openoffice	<	1.1.4_2
2.*	<	zh-openoffice	<=	2.0.20050406
		zh-openoffice-CN	<	1.1.4_2
2.*	<	zh-openoffice-CN	<=	2.0.20050406
		zh-openoffice-TW	<	1.1.4_2
2.*	<	zh-openoffice-TW	<=	2.0.20050406
		zh_TW-openoffice	<	1.1.4_2
2.*	<	zh_TW-openoffice	<=	2.0.20050406
6.0.a609	<=	ja-openoffice	<=	6.0.a638
641c	<=	ja-openoffice	<=	645
		ja-openoffice	=	1.1RC4
		ja-openoffice	=	1.1rc5
6.0.a609	<=	openoffice	<=	6.0.a638
641c	<=	openoffice	<=	645
		openoffice	=	1.1RC4
		openoffice	=	1.1rc5

Details

VuXML ID	b206dd82-ac67-11d9-a788-0001020eed82
Discovery	2005-04-11
Entry	2005-04-13
Modified	2005-04-20

AD-LAB reports that a heap-based buffer overflow vulnerability exists in OpenOffice's handling of DOC documents. When reading a DOC document 16 bit from a 32 bit integer is used for memory allocation, but the full 32 bit is used for further processing of the document. This can allow an attacker to crash OpenOffice, or potentially execute arbitrary code as the user running OpenOffice, by tricking an user into opening a specially crafted DOC document.

References

Bugtraq ID	13092
CVE Name	CVE-2005-0941
Message	20050412000438.17342.qmail@www.securityfocus.com
URL	http://www.openoffice.org/issues/show_bug.cgi?id=46388

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.