Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0200 Dyon Balding of Secunia Research has discovered a vulnerability, which can be exploited by opening a specially crafted Microsoft Word document. When reading a Microsoft Word document, a bug in the parser of sprmTDelete records can result in an integer underflow that may lead to heap-based buffer overflows. Successful exploitation may allow arbitrary code execution in the context of the OpenOffice.org process. CVE-2009-0201 Dyon Balding of Secunia Research has discovered a vulnerability, which can be exploited by opening a specially crafted Microsoft Word document. When reading a Microsoft Word document, a bug in the parser of sprmTDelete records can result in heap-based buffer overflows. Successful exploitation may allow arbitrary code execution in the context of the OpenOffice.org process. CVE-2009-2139 A vulnerability has been discovered in the parser of EMF files of OpenOffice/Go-oo 2.x and 3.x that can be triggered by a specially crafted document and lead to the execution of arbitrary commands the privileges of the user running OpenOffice.org/Go-oo. This vulnerability does not exist in the packages for oldstable, testing and unstable. For the old stable distribution (etch) these problems have been fixed in version 2.0.4.dfsg.2-7etch7. For the stable distribution (lenny) these problems have been fixed in version 2.4.1+dfsg-1+lenny3 and higher. For the unstable (sid) and testing (squeeze) distribution these problems have been fixed in version 3.1.1~ooo310m15-1. We recommend that you upgrade your Openoffice.org package.
Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems:
Dyon Balding of Secunia Research has discovered a vulnerability, which can be exploited by opening a specially crafted Microsoft Word document.
When reading a Microsoft Word document, a bug in the parser of sprmTDelete records can result in an integer underflow that may lead to heap-based buffer overflows.
Successful exploitation may allow arbitrary code execution in the context of the OpenOffice.org process.
Dyon Balding of Secunia Research has discovered a vulnerability, which can be exploited by opening a specially crafted Microsoft Word document.
When reading a Microsoft Word document, a bug in the parser of sprmTDelete records can result in heap-based buffer overflows.
Successful exploitation may allow arbitrary code execution in the context of the OpenOffice.org process.
A vulnerability has been discovered in the parser of EMF files of OpenOffice/Go-oo 2.x and 3.x that can be triggered by a specially crafted document and lead to the execution of arbitrary commands the privileges of the user running OpenOffice.org/Go-oo.
This vulnerability does not exist in the packages for oldstable, testing and unstable.
For the old stable distribution (etch) these problems have been fixed in version 2.0.4.dfsg.2-7etch7.
For the stable distribution (lenny) these problems have been fixed in version 2.4.1+dfsg-1+lenny3 and higher.
For the unstable (sid) and testing (squeeze) distribution these problems have been fixed in version 3.1.1~ooo310m15-1.
We recommend that you upgrade your Openoffice.org package.
MD5 checksums of the listed files are available in the original advisory.