A security flaw was found in the way Apache OpenOffice and LibreOffice, office productivity suites, previously used to handle certain, invalid PLCF (Plex of Character Positions in File) elements when parsing selected Microsoft Office Word (DOC) format documents. A remote attacker could provide a specially-crafted DOC format file that, when processed in some application from the Apache OpenOffice or LibreOffice suites would lead to that application crash or, potentially, arbitrary code execution with the privileges of the user running the application.
References:
[1] http://www.openoffice.org/security/cves/CVE-2013-2189.html
[2] http://www.libreoffice.org/advisories/CVE-2013-2189/
Comment 3Huzaifa S. Sidhpurwala
2013-07-31 05:02:41 UTC
Comment 5Huzaifa S. Sidhpurwala
2013-08-02 05:38:01 UTC
This issue affects the version of the openoffice.org package, as shipped with Red Hat Enterprise Linux 5.
--
This issue did not affect the version of the libreoffice package, as shipped with Red Hat Enterprise Linux 6.
--
This issue did not affect the versions of the libreoffice package, as shipped with Fedora release of 18 and 19.
Comment 6Huzaifa S. Sidhpurwala
2013-08-02 05:39:03 UTC
Statement:
We do not consider a denial of service flaw in a client application such as OpenOffice to be a security issue.