DOE-CIRC TECHNICAL BULLETIN

T-224: OpenOffice Word Document Table Parsing Multiple Heap Based Buffer Overflow Vulnerabilities

[CVE-2009-0200 & CVE-2009-0201]

September 3, 2009 13:00 GMT

PROBLEM: OpenOffice is prone to multiple remote heap-based buffer-overflow vulnerabilities because of errors in processing certain files.
PLATFORM: OpenOffice 3.1 and previous versions
ABSTRACT: Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

LINKS:
  DOE-CIRC BULLETIN: http://www.doecirc.energy.gov/bulletins/t-224.shtml
  OTHER LINKS:
    Security Focus: http://www.securityfocus.com/bid/36200/info
    OpenOffice Development: http://development.openoffice.org/releases/3.1.1.html
  CVE: CVE-2009-0200, CVE-2009-0201

IMPACT ASSESSMENT: This risk is medium. Remote attackers can exploit these issues by enticing victims into opening maliciously crafted files.

[***** Start CVE-2009-0200 & CVE-2009-0201 *****]
Discussion:
Secunia Research has discovered a vulnerability in OpenOffice.org,
which can be exploited by malicious people to potentially compromise
a user's system.

The vulnerability is caused by a boundary error when parsing certain
records and can be exploited to cause a heap-based buffer overflow via
a specially crafted document.

Successful exploitation may allow execution of arbitrary code.

Solution:
Updates are available at the link below:

http://development.openoffice.org/releases/3.1.1.html

[***** End CVE-2009-0200 & CVE-2009-0201 *****]

DOE-CIRC wishes to acknowledge the contributions of Dyon Balding of Secunia Research for the information contained in this bulletin.
DOE-CIRC services are available to DOE, DOE Contractors, and the NIH. DOE-CIRC can be contacted at:
    Voice:          866-941-2472
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov


UCRL-MI-119788