John Heasman of NGSSoftware has discovered a high risk vulnerability in the handling of RTF documents within OpenOffice.
The vulnerability affects all versions of OpenOffice prior to 2.2.1. If an attacker can coax a user into opening a specially crafted RTF document then the attacker can execute arbitrary code in the security context of their victim.
Details
*******
When parsing the “prtdata” tag, the OpenOffice RTF parser allocates memory based on the first proceeding token but copies the contents of the second, thus by setting the first token to a value smaller than the length of the second it is possible to overwrite heap data. This can be exploited to execute arbitrary code by overwriting vtable entries.
Solution
********
This issue has now been resolved; OpenOffice users are strongly recommended to install OpenOffice 2.2.1, or obtain the latest OpenOffice packages appropriate to their distribution.
Further details are available at http://www.openoffice.org
NGSSoftware Insight Security Researchhttp://www.ngssoftware.com/
http://www.databasesecurity.com/
http://www.nextgenss.com/
No comments:
Post a Comment