Two security flaws have been identified in the Open Office software package version 3.2.1 and in StarOffice/StarSuite versions 7 and 8. The flaws result from buffer overflows in the functions "Section::GetDictionary()" and "ImplPolygon::ImplSetSize()". This allows remote attackers to carry out DoS (Denial of Service) attacks and to execute arbitrary code by planting specially crafted documents (e.g. PPT files). To protect their computers from potential attacks, users are advised to install the patched versions.

Oracle Open Office and StarOffice/StarSuite Code Execution Vulnerabilities

VUPEN ID 	VUPEN/ADV-2011-0150
CVE ID 	CVE-2010-2935 - CVE-2010-2936
 
CWE ID 	Available in VUPEN VNS Customer Area
CVSS V2 	Available in VUPEN VNS Customer Area
Rated as 	Critical 
Impact 	Available in VUPEN VNS Customer Area
Authentication Level 	Available in VUPEN VNS Customer Area
Access Vector 	Available in VUPEN VNS Customer Area
Release Date 	2011-01-19

Technical Description

Two vulnerabilities have been identified in Oracle Open Office and StarOffice/StarSuite, which could be exploited by attackers to compromise a vulnerable system. For additional information, see: VUPEN/ADV-2010-2003

Affected Products

Oracle Open Office version 3.2.1 and prior
Oracle Sun StarOffice/StarSuite versions 7.x
Oracle Sun StarOffice/StarSuite versions 8.x

Solution 

Apply Oracle Critical Patch Update - January 2011:
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

References

http://www.vupen.com/english/advisories/2011/0150
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

Changelog 

2011-01-19 : Initial release
