| View previous topic :: View next topic |
| Author |
Message |
Stevex
Newbie
Joined: 15 Feb 2009
Posts: 4
|
 Posted: Mon Mar 02, 2009 2:57 am Post subject: OO ''rtl_allocateMemory() Integer Overflow Vulnerability |
 |
|
A couple of weeks ago I installed OOo 3.0.1. I have just carried out a scan of my laptop using Kaspersky Internet Security 2009. The scan pulled up www.viruslist.com/en/advisories/30599, which quotes
| Quote: | A vulnerability has been reported in OpenOffice, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an integer overflow error in "rtl_allocateMemory()" and can be exploited to cause heap-based buffer overflows via a specially crafted document.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions 2.0 to 2.4. |
KIS says this affects C:\ etc\ soffice.exe and .bin
Why is this being found on V3 when 30599 says 2.1 - 2.4 is at risk and an update to 2.4.1 is required?
_________________
Steve |
|
| Back to top |
|
 |
Stevex
Newbie
Joined: 15 Feb 2009
Posts: 4
|
| Posted: Tue Mar 03, 2009 2:13 am Post subject: |
|
|
punt
_________________
Steve |
|
| Back to top |
|
|
floris_v
Moderator
Joined: 12 Jul 2007
Posts: 4617
Location: Netherlands
|
| Posted: Tue Mar 03, 2009 4:05 am Post subject: |
|
|
Good point, but in the wrong place. This is a user to user forum. Please register this as an issue here.
Thanks.
_________________
LibreOffice 3.6.3; OOo 3.4.1 on Windows Vista
Join the Official community forum - in several languages, including Nederlandstalig forum |
|
| Back to top |
|
|
|
