Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites
From: Pete Connolly <pete.connolly@xxxxxxxxxxxxxx>
Date: Thu, 4 Jan 2007 22:52:21 +0000
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=btinternet.com; h=Received:X-YMail-OSG:From:To:Subject:Date:User-Agent:References:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-Disposition:Message-Id; b=pDToTQtSc5+ScU4N+fBJlTcn2PwsRhvMCuaCFv/AYHkN3lujBLfs9x4Ft3FVEuszdd39jNYKblEZ0o4X+/XfdneoykA8aBgYNBsc4CS94oOJwb/BtYVMa24n7z+oJIPRP4jRSPTUDk8bSFX3fXgWpjSzsszTSfpTsfGZccaIvzA= ;
In-reply-to: <10e301c73043$6539b010$4001a8c0@xxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <0bb101c73029$ecfbdd30$4001a8c0@xxxxxxxxxxxxxxx> <871wmawlzn.fsf@xxxxxxxxxxxxxxxxx> <10e301c73043$6539b010$4001a8c0@xxxxxxxxxxxxxxx>
User-agent: KMail/1.9.5

On Thursday 04 January 2007 21:00, David Litchfield wrote:
> Hi Florian,
>
> >* NGSSoftware Insight Security Research:
> >> The vulnerabilities, three heap overflows, affect OpenOffice 2.1.0 and
> >>
> >> http://download.openoffice.org/2.1.0/index.html
> >
> > As far as I can tell, there is no version newer than 2.1.0 available
> > at the web site.  According to uncorroborated, version 2.1.0 is not
> > affected.
> >
> > Would anyone please clarify the situation?  Thanks.
>
> It's version's prior to 2.1.0. Thanks for pointing this out. I'll send a
> follow up note.
> Cheers,
> David Litchfield
>

According to Marcus Meissner from SuSE security, opensuse 10.2 contains an OOo 
2.0.4 with the security fix backported from 2.1.

Just to add to the fun.

Cheers

Pete

References:
- High Risk Vulnerability in the OpenOffice and StarOffice Suites
  - From: NGSSoftware Insight Security Research
- Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites
  - From: Florian Weimer
- Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites
  - From: David Litchfield

Prev by Date: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)
Next by Date: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws)
Previous by thread: Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites
Next by thread: Concurrency strikes MSIE (potentially exploitable msxml3 flaws)
Index(es):
- Date
- Thread