The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of OpenOffice.org: several vulnerabilities

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious document with OpenOffice.org, in order to execute code on his computer.
Severity of this announcement: 3/4.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/02/2010.
References of this computer vulnerability: BID-19849, BID-35671, BID-38218, CERTA-2006-AVI-384, CERTA-2007-AVI-546, CERTA-2009-AVI-279, CERTA-2009-AVI-435, CERTA-2009-AVI-452, CERTA-2009-AVI-538, CERTA-2010-AVI-080, CERTA-2010-AVI-253, CERTA-2010-AVI-499, CVE-2006-4339, CVE-2009-0217, CVE-2009-2493, CVE-2009-2949, CVE-2009-2950, CVE-2009-3301, CVE-2009-3302, DSA-1995-1, FEDORA-2010-1847, FEDORA-2010-1941, MDVSA-2010:221, RHSA-2010:0101-02, SUSE-SA:2010:017, VIGILANCE-VUL-9451, VU#456745, VU#466161, VU#845620.

Description of the vulnerability

Several vulnerabilities were announced in OpenOffice.org.

An attacker can create a malicious PKCS #1 signature which will be accepted as valid (VIGILANCE-VUL-6140). [severity:2/4; BID-19849, CERTA-2006-AVI-384, CERTA-2007-AVI-546, CVE-2006-4339, VU#845620]

A flaw in the XMLDsig recommendation allows an attacker to bypass the signature check of an XML document (VIGILANCE-VUL-8864). [severity:3/4; BID-35671, CERTA-2009-AVI-279, CERTA-2009-AVI-452, CERTA-2010-AVI-253, CVE-2009-0217, VU#466161]

On Windows, OpenOffice installs a vulnerable MSVC Runtime (VIGILANCE-VUL-8895). [severity:3/4; CERTA-2009-AVI-435, CERTA-2009-AVI-538, CVE-2009-2493, VU#456745]

An attacker can invite the victim to open a document containing a malicious XPM image with OpenOffice.org, in order to execute code on his computer. [severity:3/4; CERTA-2010-AVI-499, CVE-2009-2949]

An attacker can invite the victim to open a document containing a malicious GIF image with OpenOffice.org, in order to execute code on his computer. [severity:3/4; CVE-2009-2950]

An attacker can invite the victim to open a Word document containing a malicious sprmTDefTable field with OpenOffice.org, in order to execute code on his computer. [severity:3/4; CVE-2009-3301]

An attacker can invite the victim to open a Word document containing a malicious sprmTSetBrc field with OpenOffice.org, in order to execute code on his computer. [severity:3/4; CVE-2009-3302]

This computer vulnerability alert impacts software or systems such as OpenOffice, Debian, Fedora, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES.

Our Vigil@nce team determined that the severity of this computer threat alert is important.

The trust level is "confirmed by the editor" (the vendor), with an origin of "document".

This bulletin is about 7 vulnerabilities.

An attacker with expert skills can exploit this security vulnerability.

Solutions for this threat

OpenOffice.org: version 3.2.
Version 3.2 is fixed:
  http://www.openoffice.org/

Debian: new openoffice.org packages.
New packages are available:
  http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-*_2.0.4.dfsg.2-7etch8_*.deb
  http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-*_2.4.1+dfsg-1+lenny6_*.deb

Fedora: new openoffice.org packages.
New packages are available:
  openoffice.org-3.1.1-19.12.fc11
  openoffice.org-3.1.1-19.26.fc12

Mandriva: new openoffice.org packages.
New packages are available:
  Mandriva Linux 2009.0: openoffice.org-3.1.1-0.7mdv2009.0
  Mandriva Linux 2010.0: openoffice.org-3.1.1-2.6mdv2010.0
  Mandriva Linux 2010.1: openoffice.org-3.2-4.1mdv2010.1
  Mandriva Enterprise Server 5: openoffice.org-3.1.1-0.6mdvmes5.1

RHEL: new openoffice.org packages.
New packages are available:
Red Hat Enterprise Linux version 3:
  openoffice.org-1.1.2-46.2.0.EL3
Red Hat Enterprise Linux version 4:
  openoffice.org-1.1.5-10.6.0.7.EL4.3
Red Hat Enterprise Linux version 5:
  openoffice.org-base-2.3.0-6.11.el5_4.4

SUSE: new OpenOffice.org packages.
New packages are available, as indicated in information sources.
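As an added example (not part of the Vigil@nce bulletin), the check below compares an installed RPM package name-version-release against the fixed Fedora, Mandriva and RHEL packages listed above, using rpm's segment-wise version ordering so that releases such as 6.11.el5_4.3 versus 6.11.el5_4.4 are ordered correctly; the installed values are constructed, the Fedora labels are inferred from the fc11/fc12 dist tags, and rpm's tilde/caret rules are omitted.

```python
import re

# Fixed package NVRs from the bulletin's "Solutions" section (Fedora labels
# inferred from the fc11/fc12 dist tags).
FIXED = {
    "Fedora (fc11)": "openoffice.org-3.1.1-19.12.fc11",
    "Fedora (fc12)": "openoffice.org-3.1.1-19.26.fc12",
    "Mandriva Linux 2009.0": "openoffice.org-3.1.1-0.7mdv2009.0",
    "Mandriva Linux 2010.0": "openoffice.org-3.1.1-2.6mdv2010.0",
    "Mandriva Linux 2010.1": "openoffice.org-3.2-4.1mdv2010.1",
    "Mandriva Enterprise Server 5": "openoffice.org-3.1.1-0.6mdvmes5.1",
    "RHEL 3": "openoffice.org-1.1.2-46.2.0.EL3",
    "RHEL 4": "openoffice.org-1.1.5-10.6.0.7.EL4.3",
    "RHEL 5": "openoffice.org-base-2.3.0-6.11.el5_4.4",
}
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpm_vercmp(a, b):
    """Order version/release strings like rpm's rpmvercmp(): numeric segments
    compare as integers, alphabetic ones lexically, numeric beats alphabetic,
    and on a tie the string with more segments is newer. Returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(installed_nvr, fixed_nvr):
    """True if the installed name-version-release is at or above the fix."""
    n1, v1, r1 = installed_nvr.rsplit("-", 2)   # split on the last two hyphens
    n2, v2, r2 = fixed_nvr.rsplit("-", 2)
    if n1 != n2:
        raise ValueError(f"package name mismatch: {n1} vs {n2}")
    return (rpm_vercmp(v1, v2) or rpm_vercmp(r1, r2)) >= 0

def audit(installed):
    """label -> installed NVR (as printed by `rpm -q`) => label -> patched?"""
    return {label: is_fixed(nvr, FIXED[label]) for label, nvr in installed.items()}

if __name__ == "__main__":
    # Constructed installed versions, not real inventory data.
    sample = {"Fedora (fc11)": "openoffice.org-3.1.1-19.10.fc11",
              "RHEL 5": "openoffice.org-base-2.3.0-6.11.el5_4.4"}
    for label, ok in audit(sample).items():
        print(f"{label}: {'patched' if ok else 'VULNERABLE'}")
```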
