This topic is for storing the security bulletins issued by the Apache OpenOffice Security Team.
They can also be found at: http://www.mail-archive.com/dev@openoffice.apache.org/
Vulnerability bulletin
- Hagar Delest
- Moderator
- Posts: 32861
- Joined: Sun Oct 07, 2007 9:07 pm
- Location: France
Vulnerability bulletin
LibreOffice 24.8 on Xubuntu 24.10 and 24.8 portable on Windows 10
- Hagar Delest
- Moderator
- Posts: 32861
- Joined: Sun Oct 07, 2007 9:07 pm
- Location: France
CVE-2013-2189
OpenOffice DOC Memory Corruption Vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache OpenOffice 3.4.0 to 3.4.1 on all platforms.
Predecessor versions of OpenOffice.org may also be affected.
Description:
The vulnerability is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified.
Mitigation:
Apache OpenOffice 3.4 users are advised to upgrade to Apache OpenOffice 4.0. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.
Credits:
The Apache OpenOffice Security Team credits Jeremy Brown of Microsoft Vulnerability Research as the discoverer of this flaw.
Herbert Dürr
Member of the Apache OpenOffice Security Team
LibreOffice 24.8 on Xubuntu 24.10 and 24.8 portable on Windows 10
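The CVE-2013-2189 bulletin above says only that invalid PLCF data is operated on. The following is an added illustration, not OpenOffice code and not the project's fix, of structural checks a DOC reader can make before walking a PLC: (n + 1) 32-bit character positions followed by n fixed-size data elements. All names are hypothetical, and the rule that positions must not decrease is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes for plcf_validate (hypothetical names, not OpenOffice's). */
enum plcf_status { PLCF_OK = 0, PLCF_OUT_OF_STREAM, PLCF_BAD_SIZE, PLCF_UNSORTED };

/* Read a little-endian 32-bit value without assuming alignment. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Validate a PLC of `lcb` bytes at offset `fc` in a table stream of
 * `stream_len` bytes, whose data elements are `cb_data` bytes each.
 * On success the element count n is stored in *count.
 */
enum plcf_status plcf_validate(const uint8_t *stream, size_t stream_len,
                               uint32_t fc, uint32_t lcb, uint32_t cb_data,
                               uint32_t *count)
{
    /* Range check written so that fc + lcb can never wrap around. */
    if (fc > stream_len || lcb > stream_len - fc)
        return PLCF_OUT_OF_STREAM;

    /* lcb must equal 4 * (n + 1) + cb_data * n for an integer n >= 0. */
    uint64_t stride = (uint64_t)cb_data + 4;
    if (lcb < 4 || (lcb - 4) % stride != 0)
        return PLCF_BAD_SIZE;
    uint32_t n = (uint32_t)((lcb - 4) / stride);

    /* Assumed rule: positions must not decrease from one entry to the next. */
    const uint8_t *cp = stream + fc;
    for (uint32_t i = 0; i < n; i++)
        if (rd_le32(cp + 4u * i) > rd_le32(cp + 4u * (i + 1)))
            return PLCF_UNSORTED;

    *count = n;
    return PLCF_OK;
}

int main(void)
{
    /* Constructed sample: positions 0, 5, 9 and two 2-byte data elements. */
    static const uint8_t s[] = {0,0,0,0, 5,0,0,0, 9,0,0,0, 0xAA,0xBB, 0xCC,0xDD};
    uint32_t n = 0;
    return plcf_validate(s, sizeof s, 0, sizeof s, 2, &n) == PLCF_OK && n == 2 ? 0 : 1;
}
```

A reader that rejects the file on any non-OK status never indexes the data array with a count or offset derived from unchecked header fields.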
- Hagar Delest
- Moderator
- Posts: 32861
- Joined: Sun Oct 07, 2007 9:07 pm
- Location: France
CVE-2013-4156
OpenOffice DOCM Memory Corruption Vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache OpenOffice 3.4.0 and 3.4.1, on all platforms.
Predecessor versions of OpenOffice.org may also be affected.
Description:
The vulnerability is caused by mishandling of unknown XML elements when parsing an OOXML document file. Specially crafted documents can be used for memory-corruption attacks. Further exploits are possible but have not been verified.
Mitigation
Apache OpenOffice 3.4.0 and 3.4.1 users are advised to upgrade to Apache OpenOffice 4.0. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.
Credits
The Apache OpenOffice Security Team credits Jeremy Brown of Microsoft Vulnerability Research as the discoverer of this flaw.
Herbert Dürr
Member of the Apache OpenOffice Security Team
LibreOffice 24.8 on Xubuntu 24.10 and 24.8 portable on Windows 10
- Hagar Delest
- Moderator
- Posts: 32861
- Joined: Sun Oct 07, 2007 9:07 pm
- Location: France
Re: Vulnerability bulletin
Well, we missed some additional bulletins, so for the whole list, see:
Apache OpenOffice Security Team Bulletin
Especially those integrated in AOO 4.1.1 & 4.1.2.
LibreOffice 24.8 on Xubuntu 24.10 and 24.8 portable on Windows 10
- Hagar Delest
- Moderator
- Posts: 32861
- Joined: Sun Oct 07, 2007 9:07 pm
- Location: France
CVE-2016-1513
Memory Corruption Vulnerability (Impress Presentations)
Version 2.0
Updated August 30, 2016
Announced July 21, 2016
Description
An OpenDocument Presentation .ODP or Presentation Template .OTP file can contain invalid presentation elements that lead to memory corruption when the document is loaded in Apache OpenOffice Impress. The defect may cause the document to appear as corrupted and OpenOffice may crash in a recovery-stuck mode requiring manual intervention. A crafted exploitation of the defect can allow an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code.
Impress cannot be used to directly produce documents having the CVE-2016-1513-related defect. Impress-authored .ODF and .ODT documents of a user's own that exhibit any of these characteristics are not the result of an exploit. They may be consequences of a separate Impress defect that should be reported.
Severity: Medium
There are no known exploits of this vulnerability.
A proof-of-concept demonstration exists.
Versions Affected
All Apache OpenOffice versions 4.1.2 and older are affected.
OpenOffice.org versions are also affected.
Mitigation
Install the 4.1.2-patch1 Hotfix available at http://archive.apache.org/dist/openoffi ... otfix.html.
A source-code patch that blocks the vulnerability has been developed and is available for developers at issue 127045.
Antivirus products can detect documents attempting to exploit this vulnerability by employing Snort Signature IDs 35828-35829.
Defenses and Work-Arounds
If you are unable to apply the Hotfix to Apache OpenOffice 4.1.2 (after updating to that version, if necessary), there are other precautions that can be taken. These precautions are applicable in avoiding other possible exploits as well.
For defects such as those involved in CVE-2016-1513, documents can be crafted to cause memory corruption enough to crash Apache OpenOffice. Beyond that, however, the conditions under which arbitrary code can be executed are complex and difficult to achieve in an undetected manner.
An important layer of defense for all such cases is to avoid operating Apache OpenOffice (and any other personal productivity programs) under a computer account that has administrative privileges of any kind. While installation of Apache OpenOffice requires elevated privileges and user permission on platforms such as Microsoft Windows, operation of the software does not.
Keeping antivirus/antimalware software current is also important. This will serve to identify and distinguish suspicious documents that involve the exploit, avoiding confusion with documents that are damaged and/or fail for other reasons.
Complete bulletin at CVE-2016-1513
LibreOffice 24.8 on Xubuntu 24.10 and 24.8 portable on Windows 10