Headline
CVE-2013-4156: CVE-2013-4156
Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
OpenOffice DOCM Memory Corruption Vulnerability
Severity: Important****Vendor: The Apache Software Foundation****Versions Affected:
- Apache OpenOffice 3.4.0 to 3.4.1, on all platforms.
- Earlier versions may be also affected.
Description:
The vulnerability is caused by mishandling of unknown XML elements when parsing OOXML document files. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified.
Mitigation
Apache OpenOffice 3.4 users are advised to upgrade to Apache OpenOffice 4.0. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.
Credits
The Apache OpenOffice security team credits Jeremy Brown of Microsoft Vulnerability Research as the discoverer of this flaw.
Security Home -> Bulletin -> CVE-2013-4156