[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites
From: Pete Connolly <pete.connolly@xxxxxxxxxxxxxx>
Date: Thu, 4 Jan 2007 22:52:21 +0000

On Thursday 04 January 2007 21:00, David Litchfield wrote:
> Hi Florian,
>
> >* NGSSoftware Insight Security Research:
> >> The vulnerabilities, three heap overflows, affect OpenOffice 2.1.0 and
> >>
> >> http://download.openoffice.org/2.1.0/index.html
> >
> > As far as I can tell, there is no version newer than 2.1.0 available
> > at the web site.  According to uncorroborated, version 2.1.0 is not
> > affected.
> >
> > Would anyone please clarify the situation?  Thanks.
>
> It's version's prior to 2.1.0. Thanks for pointing this out. I'll send a
> follow up note.
> Cheers,
> David Litchfield
>

According to Marcus Meissner from SuSE security, opensuse 10.2 contains an OOo 
2.0.4 with the security fix backported from 2.1.

Just to add to the fun.

Cheers

Pete

References:
- High Risk Vulnerability in the OpenOffice and StarOffice Suites
  - From: NGSSoftware Insight Security Research
- Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites
  - From: Florian Weimer
- Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites
  - From: David Litchfield

Prev by Date: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)
Next by Date: [USN-401-1] D-Bus vulnerability
Previous by thread: Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites
Next by thread: Concurrency strikes MSIE (potentially exploitable msxml3 flaws)
Index(es):
- Date
- Thread