Red Hat Bugzilla – Bug 154989
RH9: CAN-2005-0941: remote heap overflow vulnerability (bad .doc file can exec arbitrary code)
Last modified: 2007-04-18 13:23:49 EDT
+++ This bug was initially created as a clone of Bug #154742 +++
Fedora Core 3 update:
An attacker may exploit this issue by crafting a malformed .doc file and
enticing a user to open this file with the affected application. If a vulnerable
user opens this file in OpenOffice, the application may crash due to memory
corruption. This issue may also be leveraged to execute arbitrary code in the
context of the user running OpenOffice.
Patchfile: patches-OOO_1_1-sot-overflow.diff (from FC2 & FC3 packages)
See also bug #152784 (CAN-2004-0752) which is not yet fixed in RHL9.
This should be fixed in the packages Dan made, available temporarily from
<ftp://evol.bu.edu/openoffice/>, with checksums at
Note that there's a mismatch with openoffice-libs-1.0.2-11.2.legacy.i386.rpm
right now -- we'll get that straightened out soon.
Okay, fixed. Thanks again to Dan.
Note that these packages also fix Bug 152784 (CAN-2004-0752 - openoffice.org temp file handling
Packages were pushed to updates-testing.
Thanks again Dan for your help on this issue.
-----BEGIN PGP SIGNED MESSAGE-----
QA for RHL9:
Installed openoffice, -i18n, and -libs. Installation went smoothly, and
basic functionality (like opening .doc files) seemed to work OK.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
-----END PGP SIGNATURE-----
(Not sure what to put in when the bug has been split across multiple distro
versions, and some of those still need VERIFY while others don't..)
Released to updates.