[Full-disclosure] rPSA-2007-0070-1 openoffice.org



rPath Security Advisory: 2007-0070-1
Published: 2007-04-09
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
openoffice.org=/conary.rpath.com@rpl:devel//1/2.2-0.1-1

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0239
https://issues.rpath.com/browse/RPL-1118

Description:
Previous versions of the openoffice.org package are vulnerable to
two indirect code execution attacks, one when reading maliciously
malformed StarCalc documents, and one when parsing maliciously
crafted URIs. (Another vulnerability in libwpd was addressed
separately, as libwpd is packaged separately in rPath Linux.)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages