The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and previous versions allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote malicious users to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openoffice openoffice 1.1.2 |
||
openoffice openoffice 1.1.3 |
||
openoffice openoffice 1.0.1 |
||
openoffice openoffice 1.0.2 |
||
openoffice openoffice 1.1.0 |
||
openoffice openoffice 1.1.1 |
||
openoffice openoffice 1.1.4 |