Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 154989 - RH9: CAN-2005-0941: remote heap overflow vulnerability (bad .doc file can exec arbitrary code)
Summary: RH9: CAN-2005-0941: remote heap overflow vulnerability (bad .doc file can exe...
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: openoffice
Version: rhl9
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
Whiteboard: LEGACY, rh9
Depends On:
TreeView+ depends on / blocked
Reported: 2005-04-15 13:41 UTC by Dan Williams
Modified: 2007-04-18 17:23 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-05-13 00:51:47 UTC

Attachments (Terms of Use)

Description Dan Williams 2005-04-15 13:41:13 UTC
+++ This bug was initially created as a clone of Bug #154742 +++

Fedora Core 3 update:

  An attacker may exploit this issue by crafting a malformed .doc file and 
  enticing a user to open this file with the affected application. If a vulnerable
  user opens this file in OpenOffice, the application may crash due to memory 
  corruption. This issue may also be leveraged to execute arbitrary code in the 
  context of the user running OpenOffice. 

Patchfile: patches-OOO_1_1-sot-overflow.diff  (from FC2 & FC3 packages)

See also bug #152784 (CAN-2004-0752) which is not yet fixed in RHL9.

Comment 1 Matthew Miller 2005-04-16 15:07:51 UTC
This should be fixed in the packages Dan made, available temporarily from
<>, with checksums at

Note that there's a mismatch with openoffice-libs-1.0.2-11.2.legacy.i386.rpm
right now -- we'll get that straightened out soon.

Comment 2 Matthew Miller 2005-04-17 03:32:36 UTC
Okay, fixed. Thanks again to Dan.

Comment 3 Dan Williams 2005-04-17 14:40:40 UTC
Note that these packages also fix Bug 152784 (CAN-2004-0752 - temp file handling 

Comment 4 Marc Deslauriers 2005-05-02 12:00:03 UTC
Packages were pushed to updates-testing.

Thanks again Dan for your help on this issue.

Comment 5 Pekka Savola 2005-05-06 16:39:00 UTC
Hash: SHA1
QA for RHL9:
Installed openoffice, -i18n, and -libs.  Installation went smoothly, and
basic functionality (like opening .doc files) seemed to work OK.
Version: GnuPG v1.0.7 (GNU/Linux)

(Not sure what to put in when the bug has been split across multiple distro
versions, and some of those still need VERIFY while others don't..)

Comment 6 Marc Deslauriers 2005-05-13 00:51:47 UTC
Released to updates.

Note You need to log in before you can comment on or make changes to this bug.