OpenOffice.org (OOo) prior to 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openoffice openoffice.org 2.0 |
||
openoffice openoffice.org 2.0.2 |
||
openoffice openoffice.org 2.0.3 |
||
openoffice openoffice.org 2.0.4 |
||
openoffice openoffice.org 1.1.5 |