One of the OpenOffice vulnerabilities (CVE-2017-9806) found by Talos allows an attacker to create a malicious font that triggers an out-of-bounds write, which can lead to remote code execution. This is a common problem, which has also plagued Microsoft and its Office suite of productivity apps. On Thursday, the Apache Software Foundation publicly acknowledged the bugs, which affect OpenOffice 4.1.3, and offered a 4.1.4 update to the office suite that fixes the problems. The out-of-bounds vulnerabilities (CVE-2017-9806, CVE-2017-12607, CVE-2017-12608) are related, in that each allows an adversary to compromise systems via malicious office documents that, upon opening, attack the host system. All three of these bugs were found by Cisco Talos, which alerted the Apache Software Foundation to its discovery in March. Three of the four bugs patched are out-of-bounds vulnerabilities that, if exploited, could allow for arbitrary code execution. Each of the vulnerabilities is rated medium in severity. The patches are for the suite's word processing and graphics apps. The Apache Software Foundation fixed four vulnerabilities Friday tied to its popular Apache OpenOffice suite of free productivity applications.