A boundary error flaw, possibly leading to a heap-based buffer overflow, was found in the way OpenOffice.org parsed certain records in Microsoft Word documents. An attacker could create a specially-crafted Microsoft Word document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. Credit: Nicolas Joly of VUPEN Vulnerability Research Team
This issue has been assigned CVE-2009-3302
Created attachment 374027 [details] fix (combined with that of CVE-2009-3301)
Public now via: http://www.openoffice.org/security/bulletin.html
http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html
This issue has been addressed in following products: Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2010:0101 https://rhn.redhat.com/errata/RHSA-2010-0101.html
openoffice.org-3.1.1-19.12.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/openoffice.org-3.1.1-19.12.fc11
openoffice.org-3.1.1-19.26.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/openoffice.org-3.1.1-19.26.fc12
openoffice.org-3.1.1-19.26.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
openoffice.org-3.1.1-19.12.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.