openoffice-announce mailing list archives

From "Dennis E. Hamilton" <orc...@apache.org>
Subject Updated Security Advisory: CVE-2016-1513 Memory Corruption Vulnerability (Impress Presentations)
Date Tue, 30 Aug 2016 16:11:50 GMT
The change in this update is the availability of a Hotfix.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


CVE-2016-1513
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1513>
Apache OpenOffice Advisory
<https://www.openoffice.org/security/cves/CVE-2016-1513.html>

Title: Memory Corruption Vulnerability (Impress Presentations)

Version 2.0
Updated August 30, 2016
Announced July 21, 2016


Description

An OpenDocument Presentation .ODP or Presentation Template 
.OTP file can contain invalid presentation elements that lead
to memory corruption when the document is loaded in Apache 
OpenOffice Impress.  The defect may cause the document to 
appear as corrupted and OpenOffice may crash in a recovery-
stuck mode.  A crafted exploitation of the defect can allow an 
attacker to cause denial of service (memory corruption and
application crash) and possible execution of arbitrary code.

Impress cannot be used to directly produce documents having the
CVE-2016-1513-related defect.  Impress-authored .ODP and .OTP
documents of a user's own that exhibit any of these characteristics
are not the result of an exploit.  They may be consequences
of a separate Impress defect that should be reported.
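The description above says only that a malformed .ODP/.OTP package triggers the defect; the advisory does not say which presentation element is involved. What a defender can do offline, before a document from an untrusted source is ever opened in Impress, is check the package invariants that every Impress-authored presentation satisfies (ZIP container, uncompressed `mimetype` as the first entry, a presentation media type, a manifest, well-formed `content.xml` with an `office:presentation` body and at least one `draw:page`), and quarantine anything that fails. The script below is an added example, not code from the advisory or the Apache OpenOffice project; it uses only the Python standard library, constructs its own sample packages in memory, and the thresholds (compression ratio) and the function names `screen_presentation` / `build_sample_odp` are assumptions of this example, not a specific detection for CVE-2016-1513.

```python
"""Offline structural screening of an OpenDocument Presentation package.

Added example; not part of the Apache OpenOffice advisory or project.
It checks ODF package invariants so that damaged or hand-crafted
.odp/.otp files can be set aside for analysis instead of being loaded
into Impress.  It does not identify the CVE-2016-1513 trigger, which the
advisory does not describe.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

PRESENTATION_MIMETYPES = {
    "application/vnd.oasis.opendocument.presentation",
    "application/vnd.oasis.opendocument.presentation-template",
}
NS = {
    "office": "urn:oasis:names:tc:opendocument:xmlns:office:1.0",
    "draw": "urn:oasis:names:tc:opendocument:xmlns:drawing:1.0",
}
MAX_RATIO = 1000  # assumed threshold for flagging decompression bombs


def screen_presentation(data: bytes) -> dict:
    """Return {'ok': bool, 'findings': [str, ...], 'pages': int}."""
    findings = []
    pages = 0
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {"ok": False, "findings": ["not a ZIP container"], "pages": 0}
    with zf:
        names = zf.namelist()
        for info in zf.infolist():
            # Entry names that escape the package or inflate enormously
            # are never produced by Impress; treat them as findings.
            if info.filename.startswith("/") or ".." in info.filename.split("/"):
                findings.append(f"suspicious entry path {info.filename!r}")
            if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
                findings.append(f"extreme compression ratio in {info.filename!r}")
        # ODF requires 'mimetype' to be the first, uncompressed entry.
        if not names or names[0] != "mimetype":
            findings.append("mimetype is not the first entry")
        else:
            if zf.getinfo("mimetype").compress_type != zipfile.ZIP_STORED:
                findings.append("mimetype entry is compressed")
            mt = zf.read("mimetype").decode("ascii", "replace").strip()
            if mt not in PRESENTATION_MIMETYPES:
                findings.append(f"unexpected mimetype {mt!r}")
        if "META-INF/manifest.xml" not in names:
            findings.append("missing META-INF/manifest.xml")
        if "content.xml" not in names:
            findings.append("missing content.xml")
        else:
            try:
                root = ET.fromstring(zf.read("content.xml"))
            except ET.ParseError as exc:
                findings.append(f"content.xml is not well-formed XML: {exc}")
            else:
                body = root.find("office:body/office:presentation", NS)
                if body is None:
                    findings.append("content.xml has no office:presentation body")
                else:
                    pages = len(body.findall("draw:page", NS))
                    if pages == 0:
                        findings.append("presentation has no draw:page elements")
    return {"ok": not findings, "findings": findings, "pages": pages}


# Constructed sample content: a two-page presentation body.
GOOD_CONTENT_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<office:document-content
  xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0"
  xmlns:draw="urn:oasis:names:tc:opendocument:xmlns:drawing:1.0"
  office:version="1.2">
 <office:body><office:presentation>
  <draw:page draw:name="page1"/><draw:page draw:name="page2"/>
 </office:presentation></office:body>
</office:document-content>"""

MANIFEST_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<manifest:manifest
  xmlns:manifest="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"
  manifest:version="1.2">
 <manifest:file-entry manifest:full-path="/"
  manifest:media-type="application/vnd.oasis.opendocument.presentation"/>
 <manifest:file-entry manifest:full-path="content.xml" manifest:media-type="text/xml"/>
</manifest:manifest>"""


def build_sample_odp(content_xml: bytes,
                     mimetype: str = "application/vnd.oasis.opendocument.presentation") -> bytes:
    """Build a minimal in-memory .odp package (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mimetype", mimetype, compress_type=zipfile.ZIP_STORED)
        zf.writestr("META-INF/manifest.xml", MANIFEST_XML, compress_type=zipfile.ZIP_DEFLATED)
        zf.writestr("content.xml", content_xml, compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


if __name__ == "__main__":
    print(screen_presentation(build_sample_odp(GOOD_CONTENT_XML)))
    print(screen_presentation(build_sample_odp(GOOD_CONTENT_XML[:-20])))
```

A file that fails this screen is not thereby an exploit: as the advisory notes, Impress-authored documents with defects are more likely the result of a separate bug. The value of the check is triage, separating files that deserve analysis (or a report to the project) from routine user documents, without loading them into the vulnerable application.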

Severity: Medium

    There are no known exploits of this vulnerability.
    A proof-of-concept demonstration exists.

Vendor: The Apache Software Foundation

Versions Affected:

    All Apache OpenOffice versions 4.1.2 and older 
    are affected.  OpenOffice.org versions are also
    affected.
    
Mitigation:

Install the 4.1.2-patch1 Hotfix available at
<http://archive.apache.org/dist/openoffice/4.1.2-patch1/hotfix.html>.

A source-code patch that blocks the vulnerability
has been developed and is available for developers
at <https://bz.apache.org/ooo/show_bug.cgi?id=127045>.

Antivirus products can detect documents attempting to 
exploit this vulnerability by employing Snort Signature
IDs 35828-35829.

Defenses and Work-Arounds:

If you are unable to apply the Hotfix to Apache OpenOffice 
4.1.2 (after updating to that version, if necessary),
there are other precautions that can be taken.  These
precautions are applicable in avoiding other possible
exploits as well.

For defects such as those involved in CVE-2016-1513,
documents can be crafted to cause enough memory corruption
to crash Apache OpenOffice.  Beyond that, however, the
conditions under which arbitrary code can be executed are
complex and difficult to achieve in an undetected manner.

An important layer of defense for all such cases is to 
avoid operating Apache OpenOffice (and any other personal
productivity programs) under a computer account that has
administrative privileges of any kind.  While installation
of Apache OpenOffice requires elevated privileges and user
permission on platforms such as Microsoft Windows, operation
of the software does not.  

Keeping antivirus/antimalware software current is also 
important. This will serve to identify and distinguish
suspicious documents that involve the exploit, avoiding
confusion with documents that are damaged and/or fail
for other reasons.

Further Information:

For additional information and assistance, consult the Apache
OpenOffice Community Forums, <https://forum.openoffice.org/> or 
make requests to the <mailto:users@openoffice.apache.org> public
mailing list.  Defects not involving suspected security
vulnerabilities can be reported via
<http://www.openoffice.org/qa/issue_handling/pre_submission.html>.

      
The latest information on Apache OpenOffice security bulletins 
can be found at the Bulletin Archive page 
<http://www.openoffice.org/security/bulletin.html>.

Credits: 

The Apache OpenOffice project acknowledges the discovery and
analysis for CVE-2016-1513 by Yves Younan and Richard Johnson
of Cisco Talos.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXxGFtAAoJEPluif/UVmKKMYkH/254PYIrlYdYi3e9CnE4a806
6IOsFEtTAaSKi0Pvbgb+ycyTEU4MHmgodpMjMnWRxS/OES3C8W7VvEhRSC6xhT1O
czVmiPbd7nIf6K473DQzgFWhd2tci8gIpwNv6NgznV/gA+MePrhILv9JBfIe19AE
UvQqgk+O5qd8I9qoxWSROQs1/syC6TMa52D2Fy97mgAKzlqDoN2vxfDyV1lIci3H
PYEqYPHIwMGXeud+kAA1eJxcrC3jNqGgRJQD4646w0z1ewhZ3G4dNiHD+BFsBKph
CcSR2/hZcv9H11YBO7jSFYUza8seRzzx/t79kJrvQgDGQLQOWYe7rZ0QbCsskEE=
=O9aE
-----END PGP SIGNATURE-----