Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and previous versions, and possibly other versions prior to 2.1.0; and StarOffice 6 through 8; allow user-assisted remote malicious users to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun staroffice 7.0 |
||
sun staroffice 8.0 |
||
sun staroffice 6.0 |
||
openoffice openoffice |