Mandriva Linux Security Advisory : openoffice.org (MDVSA-2008:095)
High Nessus Plugin ID 37969
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability in HSQLDB before 188.8.131.52 in OpenOffice.org could allow user-assisted remote attackers to execute arbitrary Java code via crafted database documents (CVE-2007-4575).
A heap overflow was discovered in OpenOffice.org's EMF parser. An attacker could create a carefully crafted EMF file that could cause OpenOffice.org to crash or potentially execute arbitrary code if the malicious EMF image was added to a document or if a document containing such an EMF file was opened (CVE-2007-5746).
Multiple heap overflows and an integer underflow were discovered in the Quattro Pro(R) import filter. An attacker could create a carefully crafted Quattro Pro file that could cause OpenOffice.org ro crash or potentially execute arbitrary code (CVE-2007-5745, CVE-2007-5747).
A heap overflow was discovered in the OLE Structured Storage file parser, a format used by Microsoft Office documents. An attacker could create a carefully crafted OLE file that could cause OpenOffice.org to crash or potentially execute arbitrary code (CVE-2008-0320).
The updated packages have been patched to correct these issues.
SolutionUpdate the affected packages.