| Description: | Description:
The remote host is missing updates announced in
advisory RHSA-2008:0175.
OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.
Multiple heap overflows and an integer underflow were found in the Quattro
Pro(R) import filter. An attacker could create a carefully crafted Quattro
Pro file that could cause OpenOffice.org to crash or possibly execute
arbitrary code if the file was opened by a victim. (CVE-2007-5745,
CVE-2007-5747)
A heap overflow flaw was found in the EMF parser. An attacker could create
a carefully crafted EMF file that could cause OpenOffice.org to crash or
possibly execute arbitrary code if the malicious EMF image was added to a
document or if a document containing the malicious EMF file was opened by a
victim. (CVE-2007-5746)
A heap overflow flaw was found in the OLE Structured Storage file parser.
(OLE Structured Storage is a format used by Microsoft Office documents.) An
attacker could create a carefully crafted OLE file that could cause
OpenOffice.org to crash or possibly execute arbitrary code if the file was
opened by a victim. (CVE-2008-0320)
All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain backported fixes to correct these issues.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2008-0175.html
http://www.redhat.com/security/updates/classification/#important
Risk factor : Critical
CVSS Score:
9.3
|
