openoffice-utenti-it mailing list archives

From Tassi Pierluigi <PTa...@Regione.Emilia-Romagna.it>
Subject [utenti-it] I: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability
Date Mon, 27 Apr 2015 12:44:45 GMT
Hi everyone,
	I am forwarding this security advisory that appeared on the international mailing lists.

----
Best regards, Pierluigi Tassi


-----Original Message-----
From: Herbert Duerr [mailto:hdu@apache.org]
Sent: Saturday, 25 April 2015 21:14
To: announce@openoffice.apache.org; dev@openoffice.apache.org; users@openoffice.apache.org
Subject: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

CVE-2015-1774

OpenOffice HWP Filter Remote Code Execution and Denial of Service Vulnerability

A vulnerability in OpenOffice's HWP filter allows attackers to cause a denial of service (memory
corruption and application crash) or possibly execution of arbitrary code by preparing specially
crafted documents in the HWP document format.

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

    All Apache OpenOffice versions 4.1.1 and older are affected.

Mitigation:

Apache OpenOffice users are advised to remove the problematic library in the "program" folder
of their OpenOffice installation. On Windows it is named "hwp.dll", on Mac it is named "libhwp.dylib"
and on Linux it is named "libhwp.so". Alternatively the library can be renamed to anything
else e.g. "hwp_renamed.dll".
This mitigation will drop AOO's support for documents created in "Hangul Word Processor" versions
from 1997 or older. Users of such documents are advised to convert their documents to other
document formats such as OpenDocument before doing so.

Apache OpenOffice aims to fix the vulnerability in version 4.1.2.

Credits:

Thanks to an anonymous contributor working with VeriSign iDefense Labs.
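
The rename mitigation described in the advisory, as an added shell example that is not part of the original message or of Apache OpenOffice. The function names and the `_renamed` suffix pattern are assumptions modelled on the advisory's "hwp_renamed.dll"; the "program" folder path is supplied by the caller.

```shell
#!/bin/sh
# Added example: audit for and apply the CVE-2015-1774 mitigation
# (rename the HWP filter library in the OpenOffice "program" folder).
# Function names are hypothetical; no installation path is assumed.
# Usage after sourcing this file: disable_hwp_filter "<path to program folder>"

# Library names given in the advisory for Windows, Mac and Linux.
HWP_LIBS="hwp.dll libhwp.dylib libhwp.so"

# Print every HWP filter library still present in <program_dir>, one per line.
# Empty output means the mitigation is in place for that folder.
hwp_filter_present() {
    for name in $HWP_LIBS; do
        [ -f "$1/$name" ] && printf '%s\n' "$1/$name"
    done
    return 0
}

# Rename each library found, e.g. hwp.dll -> hwp_renamed.dll.
# Returns 0 when no filter library remains, 1 on any error.
disable_hwp_filter() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    for name in $HWP_LIBS; do
        src="$dir/$name"
        [ -f "$src" ] || continue
        # Keep the extension so the file is easy to restore by hand.
        dst="$dir/${name%.*}_renamed.${name##*.}"
        if [ -e "$dst" ]; then
            # Never clobber an earlier renamed copy.
            echo "refusing to overwrite $dst" >&2
            return 1
        fi
        mv -- "$src" "$dst" || return 1
        echo "renamed $src -> $dst"
    done
    # Verify the result instead of trusting the loop.
    [ -z "$(hwp_filter_present "$dir")" ]
}
```

A library that reappears under its original name, for example after a reinstall or repair of an affected version, is reported again by `hwp_filter_present`, so the check is worth repeating after such changes.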


