Vulnerability Note VU#953183
LibreOffice 3.3 'Lotus Word Pro' document import filter contains multiple vulnerabilities
LibreOffice 3.3.2 includes a feature to import 'Lotus Word Pro' (.lwp) documents. This import filter contains multiple vulnerabilities. CERT/CC has confirmed that code execution is possible by exploiting a stack buffer overflow.
LibreOffice 3.3.2, 3.3.1, and possibly earlier versions fail to properly handle 'Lotus Word Pro' (.lwp) documents. The (.lwp) format is the native file format for Lotus Word Pro that is a word processor developed by IBM's Lotus Software group. More details can be found by reviewing the following patch commits: Commit 1 and Commit 2.
By convincing a user to open a specifically crafted 'Lotus Word Pro' (.lwp) document, an attacker may be able to execute arbitrary code.
Vendor Information (Learn More)
If you are a vendor and your product is affected, let
|Vendor||Status||Date Notified||Date Updated|
|LibreOffice||Affected||06 Apr 2011||06 Jun 2011|
Thanks to Will Dormann and Jared Allar of the CERT/CC for reporting these vulnerabilities.
This document was written by Jared Allar.
16 Jun 2011
Date First Published:
22 Jun 2011
Date Last Updated:
28 Mar 2012
If you have feedback, comments, or additional information about this vulnerability, please send us email.