[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OpenOffice for Windows ".slk" File Parsing Null Pointer Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: OpenOffice for Windows ".slk" File Parsing Null Pointer Vulnerability
From: karakorsankara@xxxxxxxxxxx
Date: Mon, 18 Jan 2010 18:02:05 -0700

Product:

OpenOffice

Tested Vulnerable Versions:

3.1.1 and 3.1.0

Vulnerability:

Null Pointer

Description:

Hellcode Research discovered a null pointer vulnerability in Openoffice for
Windows.

Opening a malformed ".slk" file with Openoffice, causes a crash on "soffice.bin"


PoC:

http://tcc.hellcode.net/sploitz/slk.rar

Credits:
karak0rsan and murderkey from Hellcode Research

The Computer Cheats (TCC)

Urls:

tcc.hellcode.net

forum.hellcode.net

Prev by Date: JBroFuzz 1.9 Fuzzer Released!
Next by Date: Re: facebook 'routing flaw'?
Previous by thread: JBroFuzz 1.9 Fuzzer Released!
Next by thread: Multiple Vulnerabilities in XOOPS 2.4.3 and earlier
Index(es):
- Date
- Thread