openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dianne Avery <>
Subject Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability
Date Sun, 17 May 2015 00:43:01 GMT
And another

Sent from my iPad

On Apr 25, 2015, at 1:11 PM, Herbert Duerr <> wrote:


OpenOffice HWP Filter Remote Code Execution and Denial of Service

A vulnerability in OpenOffice's HWP filter allows attackers to cause a
denial of service (memory corruption and application crash) or possibly
execution of arbitrary code by preparing specially crafted documents in
the HWP document format.

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

   All Apache OpenOffice versions 4.1.1 and older are affected.


Apache OpenOffice users are advised to remove the problematic library in
the "program" folder of their OpenOffice installation. On Windows it is
named "hwp.dll", on Mac it is named "libhwp.dylib" and on Linux it is
named "". Alternatively the library can be renamed to anything
else e.g. "hwp_renamed.dll".
This mitigation will drop AOO's support for documents created in "Hangul
Word Processor" versions from 1997 or older. Users of such documents are
advised to convert their documents to other document formats such as
OpenDocument before doing so.

Apache OpenOffice aims to fix the vulnerability in version 4.1.2.


Thanks to an anonymous contributor working with VeriSign iDefense Labs.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message