Apache OpenOffice Vulnerabilities

Three new vulnerabilities have been found in the OpenOffice productivity suite. All three target an out-of-bound write exploit.

Threat ID:: CC-1742
Category:: Exploit
Threat Severity:: Low
Threat Vector:
Published:: 1 November 2019 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Three new vulnerabilities have been found in the OpenOffice productivity suite. All three target an out-of-bound write exploit.

Threat details

The first vulnerability affects the "Write" application, where parsing a specially crafted font using the WW8Fonts::WW8Fonts>can result in remote code execution. The second vulnerability, also affecting the "Write" application, uses a specially crafted .doc file and the WW8RStyle::ImportOldFormatStyles functionality, leads to local code execution. The final vulnerability exploits the PPTStyleSheet:PPTStyleSheet functionality of the "Draw" application with a specially crafted .ppt file to locally execute code.

Remediation steps

Type	Step
	All three vulnerabilities have been patched in the newest release (4.1.4). Administrators are encouraged to update all instances of OpenOffice when possible.

Last edited: 14 February 2020 2:57 pm