FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openoffice -- arbitrary code execution vulnerabilities

Affected packages
2.4 <= openoffice.org-2 < 2.4.2
2.4.20040402 <= openoffice.org-2
2.4 <= openoffice.org-2-devel < 2.4.2
2.4.20040402 <= openoffice.org-2-devel
2.4 <= openoffice.org-2-RC < 2.4.2
2.4.20040402 <= openoffice.org-2-RC

Details

VuXML ID 842bafdd-be2f-11dd-a578-0030843d3802
Discovery 2008-10-29
Entry 2008-11-29

The OpenOffice Team reports:

A security vulnerability with the way OpenOffice 2.x process WMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite. No working exploit is known right now.

A security vulnerability with the way OpenOffice 2.x process EMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite. No working exploit is known right now.

References

CVE Name CVE-2008-2237
CVE Name CVE-2008-2238
URL http://www.openoffice.org/security/cves/CVE-2008-2237.html
URL http://www.openoffice.org/security/cves/CVE-2008-2238.html