Alert GCSA-08043 - Vulnerabilita' in OpenOffice
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08043
Data : 18 Aprile 2008
Titolo : Vulnerabilita' in OpenOffice
******************************************************************
:: Descrizione del problema
Sono state identificate in OpenOffice vulnerabilita' multiple che
potrebbe essere sfruttate da un attaccante per causare situazioni di
denial of service o compromettere un sistema vulnerabile.
Tali vulnerabilita' sono causate da errori di corruzione ed overflow
della memoria heap durante l'elaborazione di documenti di testo ODF
(con XForms) appositamente predisposti o durante la gestione di file
malformati di tipo Quattro Pro, EMF o OLE.
:: Software interessato
Versioni di OpenOffice precedenti alla 2.4
:: Impatto
Esecuzione remota di codice arbitrario
denial of service
:: Soluzioni
Aggiornare OpenOffice alla versione 2.4:
http://download.openoffice.org
:: Riferimenti
OpenOffice.org:
http://www.openoffice.org/security/bulletin.html
http://www.openoffice.org/news/index.html
SecurityFocus:
http://www.securityfocus.com/bid/28819
Secunia:
http://secunia.com/advisories/29852/
FrSirt:
http://www.frsirt.com/english/advisories/2008/1253
iDefense Lab:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=691
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=692
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=693
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=694
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0320
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSAhqpPOB+SpikaiRAQJ9tgP+Ji/hCkA5Eq2J61v8RdSv3oFWUVfe/yOz
s9WBNAkjpfosJSBnOFuZwGdN1RIyFi1vztfsQJLNTkgiwf95fHxcgr1rlbuzqchx
M266HAxlIb0o/5TreJJnNl7HjpVTyakah73ekMUwQexpEFeOgyMFIVQ6y3e1SVl/
dN9Wf/Lpdls=
=o/hE
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08043
Data : 18 Aprile 2008
Titolo : Vulnerabilita' in OpenOffice
******************************************************************
:: Descrizione del problema
Sono state identificate in OpenOffice vulnerabilita' multiple che
potrebbe essere sfruttate da un attaccante per causare situazioni di
denial of service o compromettere un sistema vulnerabile.
Tali vulnerabilita' sono causate da errori di corruzione ed overflow
della memoria heap durante l'elaborazione di documenti di testo ODF
(con XForms) appositamente predisposti o durante la gestione di file
malformati di tipo Quattro Pro, EMF o OLE.
:: Software interessato
Versioni di OpenOffice precedenti alla 2.4
:: Impatto
Esecuzione remota di codice arbitrario
denial of service
:: Soluzioni
Aggiornare OpenOffice alla versione 2.4:
http://download.openoffice.org
:: Riferimenti
OpenOffice.org:
http://www.openoffice.org/security/bulletin.html
http://www.openoffice.org/news/index.html
SecurityFocus:
http://www.securityfocus.com/bid/28819
Secunia:
http://secunia.com/advisories/29852/
FrSirt:
http://www.frsirt.com/english/advisories/2008/1253
iDefense Lab:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=691
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=692
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=693
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=694
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0320
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSAhqpPOB+SpikaiRAQJ9tgP+Ji/hCkA5Eq2J61v8RdSv3oFWUVfe/yOz
s9WBNAkjpfosJSBnOFuZwGdN1RIyFi1vztfsQJLNTkgiwf95fHxcgr1rlbuzqchx
M266HAxlIb0o/5TreJJnNl7HjpVTyakah73ekMUwQexpEFeOgyMFIVQ6y3e1SVl/
dN9Wf/Lpdls=
=o/hE
-----END PGP SIGNATURE-----