CVE-2009-0200 / CVE-2009-0201

Manipulated Word documents can lead to heap overflows and arbitrary code execution

• Synopsis: Manipulated WMF files can lead to heap overflows and arbitrary code execution
• State: Resolved

1. Impact

A security vulnerability with the way OpenOffice.org processes Word documents may allow a remote unprivileged user who provides a Word document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running OpenOffice.org.
No working exploit is known right now.

2. Affected releases

• All versions of OpenOffice.org 3 prior to version 3.1.1
• All versions of OpenOffice.org 2 prior to version 2.4.3
• All versions of OpenOffice.org 1

3. Symptoms

There are no predictable symptoms that would indicate this issue has occurred.

4. Relief/Workaround

There is no workaround. See "Resolution" below.

5. Resolution

This issue is addressed in the following releases:

• OpenOffice.org 3.1.1
• OpenOffice.org 2.4.3

6. Comments

OpenOffice.org acknowledges with thanks, Dyon Balding of Secunia Research.

Security Home -> Bulletin -> CVE-2009-0200 / CVE-2009-0201