|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200701-07] OpenOffice.org: EMF/WMF file handling vulnerabilities Vulnerability Scan
Vulnerability Scan Summary OpenOffice.org: EMF/WMF file handling vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200701-07
(OpenOffice.org: EMF/WMF file handling vulnerabilities)
John Heasman of NGSSoftware has discovered integer overflows in the
EMR_POLYPOLYGON and EMR_POLYPOLYGON16 processing and an error within
the handling of META_ESCAPE records.
Impact
A possible hacker could exploit these vulnerabilities to cause heap overflows
and potentially execute arbitrary code with the rights of the user
running OpenOffice.org by enticing the user to open a document
containing a malicious WMF/EMF file.
Workaround
There is no known workaround known at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5870
Solution:
All OpenOffice.org binary users should update to version 2.1.0 or
later:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.1.0"
All OpenOffice.org users should update to version 2.0.4 or later:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-2.0.4"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|