About the just fixed OpenOffice.org File Format Vulnerability

While the Macro and the Java Applet vulnerabilities were found by some Sun security audits, the File Format Vulnerability was reported by NGS Software Ltd.

They reported it to the OpenOffice.org Security Team, and didn't publicly disclose the vulnerability before we were able to provide updates with fixes for this issue.
Thanks for that!

This was also the first security issue handled completely by the OpenOffice.org Security Team.
Security people from Sun and from different Linux distributions are members of the Security Team. After we received the report, all of them investigated it for different OpenOffice.org and StarOffice versions.
And this was really good, because at first I thought the problem was already fixed in the latest OOo builds.
But it wasn't - it was just hidden by a new memory manager implementation.
The buffer overflow still existed, but OOo didn't crash with the new memory manager.

Good to have this great OpenOffice.org Security Team :)

About

Malte Timmermann
