CVE-2007-4575

Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB)

• Synopsis: users opening specially crafted database documents may allow attackers to execute arbitrary static Java code
• State: Resolved

1. Impact

A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user.

2. Affected releases

All versions prior to OpenOffice.org 2.3.1

3. Symptoms

There are no predictable symptoms that would indicate this issue has occurred

4. Relief/Workaround

There is no workaround. See "Resolution" below.

5. Resolution

This issue is addressed in the following releases:

HSQLDB 1.8.0.9 / OpenOffice.org 2.3.1

Security Home -> Bulletin -> CVE-2007-4575