Update Protection against OpenOffice Word Document Table Parsing Heap Overflow
| Check Point Reference: | CPAI-2009-471 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory: SA35036 | |
| Industry Reference(s): | CVE-2009-0201 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? OpenOffice.org OpenOffice 3.x prior to 3.1.1 | ||
| Vulnerability Description A heap overflow vulnerability has been reported in OpenOffice that allows remote attackers to execute arbitrary code on the target system. The vulnerability is due to a boundary error when parsing certain records. Remote attackers can exploit this vulnerability by enticing a target user to open a malicious Word document. In the case of successful code injection and execution, the behavior of the target is dependent on the intention of the malicious code. The injected code will be executed with the privileges of the current user. In a case where code injection is not successful, the affected application may terminate abnormally causing a denial of service condition. |
||
|
Vulnerability Details OpenOffice.org is an open source office suite. The suite includes a word processor, a spreadsheet application, a presentation creator, an illustration drawer, a desktop database, and an equation editor. The product is made available for multiple platforms and languages. |
Protection Overview
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.