Red Hat Bugzilla – Bug 435678
CVE-2007-5745 openoffice.org: Quattro Pro files handling heap overflows in Attribute and Font records
Last modified: 2008-05-17 18:25:49 EDT
Security issue found by anonymous researcher was reported via iDefense to
Manipulated Quattro Pro files can lead to heap overflows and arbitrary code
A security vulnerability with the way OpenOffice.org 2 processes Quattro Pro
files may allow a remote unprivileged user who provides a OpenOffice.org
document that is opened by a local user to execute arbitrary commands on the
system with the privileges of the user running OpenOffice.org.
embargo moved at request of upstream to Apr 15
openoffice.org-2.3.0-6.14.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
openoffice.org-2.3.0-6.8.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.