Security Patch for OpenOffice
An anonymous reader writes "Linuxlookup.com is reporting all users of OpenOffice.org 1.1.4 are urged to download and install this security patch. It addresses a problem noted in a recent advisory. That advisory states that there is a security risk in all circulating releases of OpenOffice.org. This patch fixes the problem in 1.1.4 but not in earlier or subsequent releases."
That you should use secure software like MS Word.
Oh, wait...
# cat
Damn, my RAM is full of llamas.
but well, someone might get to you through it.
,will cause write pointer,maybe cause arbitrary code ."
"II.DETAILS:
----------
There is a vulnerability in StgCompObjStream::Load() function,
When reading DOC document information of format,memory is allocated by DOC provide
length.
DOC provided a 32 bits integer,and will use the low 16 bits of this number to allocate
memory,
but when reading doc information,still use the 32 bits number as length,this maybe
cause heap
overflow, and when free happened
excute
No idea if it's actually doable to execute code through it on 'all' platforms oo runs on.
world was created 5 seconds before this post as it is.
this hole was found like ... oh yeah only like a day ago. well that's pretty good i guess.
The advisory on SecurityFocus.
Game! - Where the stick is mightier than the sword!
I'm on the StarOffice 8 beta program ... anyone know if this version is vulnerable on Linux? I assume so, since it's based on an OOo 2.0 beta build.