USN-903-1 -- openoffice.org vulnerabilitiesID: oval:org.secpod.oval:def:700103 | Date: (C)2011-01-28 (M)2023-11-09 |
Class: PATCH | Family: unix |
It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. Sebastian Apelt and Frank Reißner discovered that OpenOffice did not correctly import XPM and GIF images. If a user were tricked into opening a specially crafted image, an attacker could execute arbitrary code with user privileges. Nicolas Joly discovered that OpenOffice did not correctly handle certain Word documents. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary code with user privileges. It was discovered that OpenOffice did not correctly handle certain VBA macros correctly. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary macro commands, bypassing security controls
Platform: |
Ubuntu 8.04 |
Ubuntu 8.10 |
Ubuntu 9.10 |
Ubuntu 9.04 |