Description
An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way OpenOffice.org parsed XPM files. An attacker could create
a specially-crafted document, which once opened by a local, unsuspecting
user, could lead to arbitrary code execution with the permissions of the
user running OpenOffice.org. An integer underflow flaw and a boundary error flaw, both possibly leading
to a heap-based buffer overflow, were found in the way OpenOffice.org
parsed certain records in Microsoft Word documents. An attacker could
create a specially-crafted Microsoft Word document, which once opened by a
local, unsuspecting user, could cause OpenOffice.org to crash or,
potentially, execute arbitrary code with the permissions of the user
running OpenOffice.org. (CVE-2009-3301, CVE-2009-3302)
A heap-based buffer overflow flaw, leading to memory corruption, was found
in the way OpenOffice.org parsed GIF files. An attacker could create a
specially-crafted document, which once opened by a local, unsuspecting
user, could cause OpenOffice.org to crash.