Multiple vulenerabilities were reported against OpenOffice.org; the original report indicates the affected platform is Windows but without any evidence to substantiate that, we cannot claim this does not affect us. Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3569 to the following vulnerability: Name: CVE-2009-3569 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3569 Assigned: 20091006 Reference: MISC: http://intevydis.com/vd-list.shtml Reference: BID:36285 Reference: URL: http://www.securityfocus.com/bid/36285 Reference: SECTRACK:1022832 Reference: URL: http://www.securitytracker.com/id?1022832 Stack-based buffer overflow in OpenOffice.org (OOo) allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side stack overflow exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3570 to the following vulnerability: Name: CVE-2009-3570 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3570 Assigned: 20091006 Reference: MISC: http://intevydis.com/vd-list.shtml Reference: BID:36285 Reference: URL: http://www.securityfocus.com/bid/36285 Reference: SECTRACK:1022828 Reference: URL: http://www.securitytracker.com/id?1022828 Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9. NOTE: as of 200901005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3571 to the following vulnerability: Name: CVE-2009-3571 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3571 Assigned: 20091006 Reference: MISC: http://intevydis.com/vd-list.shtml Reference: BID:36285 Reference: URL: http://www.securityfocus.com/bid/36285 Reference: SECTRACK:1022832 Reference: URL: http://www.securitytracker.com/id?1022832 Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 200901005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
There is currently still no information on these vulnerabilities available.
This is still no actionable information on this and nothing from upstream regarding it, so it's not possible to know whether these are legitimate vulnerabilities or not. If we don't know what the problem is, we can't fix it, and this has been open for over a year with no information coming forward anywhere (and no other vendors have found/obtained any information here either.