Vulnerability Note VU#953183

LibreOffice 3.3 'Lotus Word Pro' document import filter contains multiple vulnerabilities

Original Release date: 22 Jun 2011 | Last revised: 28 Mar 2012

Overview

LibreOffice 3.3.2 includes a feature to import 'Lotus Word Pro' (.lwp) documents. This import filter contains multiple vulnerabilities. CERT/CC has confirmed that code execution is possible by exploiting a stack buffer overflow.

Description

LibreOffice 3.3.2, 3.3.1, and possibly earlier versions fail to properly handle 'Lotus Word Pro' (.lwp) documents. The (.lwp) format is the native file format for Lotus Word Pro that is a word processor developed by IBM's Lotus Software group. More details can be found by reviewing the following patch commits: Commit 1 and Commit 2.

Impact

By convincing a user to open a specifically crafted 'Lotus Word Pro' (.lwp) document, an attacker may be able to execute arbitrary code.

Solution

Apply an Update

LibreOffice 3.3.3 and 3.4.0 both address these vulnerabilities.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
LibreOfficeAffected06 Apr 201106 Jun 2011
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 9.0 AV:N/AC:M/Au:N/C:C/I:C/A:P
Temporal 7.0 E:POC/RL:OF/RC:C
Environmental 7.0 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Will Dormann and Jared Allar of the CERT/CC for reporting these vulnerabilities.

This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2011-2685
  • Date Public: 16 Jun 2011
  • Date First Published: 22 Jun 2011
  • Date Last Updated: 28 Mar 2012
  • Severity Metric: 0.20
  • Document Revision: 21

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.