Debian Security Advisory DSA 1307-1 (openoffice.org) Network Vulnerability

Summary

The remote host is missing an update to openoffice.org announced via advisory DSA 1307-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201307-1

Insight

John Heasman discovered a heap overflow in the routines of OpenOffice.org that parse RTF files. A specially crafted RTF file could cause the filter to overwrite data on the heap, which may lead to the execution of arbitrary code. For the old stable distribution (sarge) this problem has been fixed in version 1.1.3-9sarge7. For the stable distribution (etch) this problem has been fixed in version 2.0.4.dfsg.2-7etch1. For the unstable distribution (sid) this problem has been fixed in version 2.2.1~rc1-1. We recommend that you upgrade your openoffice.org packages.

Severity

Classification

CVE CVE-2007-0245
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 100-1 (gzip)
Debian Security Advisory DSA 1052-1 (cgiirc)
Debian Security Advisory DSA 1083-1 (motor)
Debian Security Advisory DSA 1049-1 (ethereal)
Debian Security Advisory DSA 013-1 (mysql)

Take action and discover your vulnerabilities