LWN.net

OpenOffice.org: buffer overflow and command execution

Package(s): openoffice.org
CVE #(s): CVE-2007-0238 CVE-2007-0239
Created: March 21, 2007
Updated: April 17, 2007

Description: The StarCalc parser in OpenOffice.org suffers from an "easily exploitable" stack overflow which a malicious document could use to execute arbitrary code.

Additionally, there is a failure to escape shell metacharacters in URLs, exposing users to command execution by way of hostile links.

Alerts:
Gentoo 200704-12 2007-04-16
rPath rPSA-2007-0070-1 2007-04-09
Mandriva MDKSA-2007:073 2007-03-29
Foresight FLEA-2007-0004-1 2007-03-29
Ubuntu USN-444-1 2007-03-27
Debian DSA-1270-2 2007-03-28
Fedora FEDORA-2007-376 2007-03-27
Fedora FEDORA-2007-375 2007-03-27
Red Hat RHSA-2007:0069-01 2007-03-22
Red Hat RHSA-2007:0033-01 2007-03-22
SuSE SUSE-SA:2007:023 2007-03-21
Debian DSA-1270-1 2007-03-20

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds