The OpenOffice folks have a patch to catch corrupt wmf/emf files with out of bounds values in the emf/wmf file. An attacker could create a malicious file in such a way it may be able to execute arbitrary code if opened in OpenOffice by a victim. Since this requires user interaction it is severity important.
http://www.openoffice.org/issues/show_bug.cgi?id=70042
Affects: RHEL3, RHEL4
Created attachment 142161: Proposed patch
Any news on this update?
There's a lot of building in 5 OOos :-)
RHEL-3: openoffice.org-1.1.2-35.2.0.EL3
RHEL-4: openoffice.org-1.1.5-5.6.0.EL4
RHEL-5: openoffice_org-2.0.4-5.4.12 (bug 217348)
FC-5: openoffice.org-2.0.2-5.20.2
FC-6: openoffice.org-2.0.4-5.5.7
I suspect the embargo date should be pushed out to 12.12.2006 to match 2.1 release date
This issue is public: http://www.openoffice.org/servlets/ReadMsg?list=releases&msgNo=10454
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2007-0001.html