Overview
LibreOffice 3.3.2 includes a feature to import 'Lotus Word Pro' (.lwp) documents. This import filter contains multiple vulnerabilities. CERT/CC has confirmed that code execution is possible by exploiting a stack buffer overflow.
Description
LibreOffice 3.3.2, 3.3.1, and possibly earlier versions fail to properly handle 'Lotus Word Pro' (.lwp) documents. The (.lwp) format is the native file format for Lotus Word Pro that is a word processor developed by IBM's Lotus Software group. More details can be found by reviewing the following patch commits: Commit 1 and Commit 2. |
Impact
By convincing a user to open a specifically crafted 'Lotus Word Pro' (.lwp) document, an attacker may be able to execute arbitrary code. |
Solution
Apply an Update LibreOffice 3.3.3 and 3.4.0 both address these vulnerabilities. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 9 | AV:N/AC:M/Au:N/C:C/I:C/A:P |
| Temporal | 7 | E:POC/RL:OF/RC:C |
| Environmental | 7 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
Thanks to Will Dormann and Jared Allar of the CERT/CC for reporting these vulnerabilities.
This document was written by Jared Allar.
Other Information
| CVE IDs: | CVE-2011-2685 |
| Severity Metric: | 0.20 |
| Date Public: | 2011-06-16 |
| Date First Published: | 2011-06-22 |
| Date Last Updated: | 2012-03-28 15:15 UTC |
| Document Revision: | 23 |