CVE-2013-2189

OpenOffice DOC Memory Corruption Vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

• Apache OpenOffice 3.4.0 to 3.4.1, on all platforms.
• Earlier versions may be also affected.

Description:

The vulnerability is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified.

Mitigation

Apache OpenOffice 3.4 users are advised to upgrade to Apache OpenOffice 4.0. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.

Credits

The Apache OpenOffice security team credits Jeremy Brown of Microsoft Vulnerability Research as the discoverer of this flaw.

---

Security Home -> Bulletin -> CVE-2013-2189