search menu icon-carat-right cmu-wordmark

CERT Coordination Center


LibreOffice 3.3 'Lotus Word Pro' document import filter contains multiple vulnerabilities

Vulnerability Note VU#953183

Original Release Date: 2011-06-22 | Last Revised: 2012-03-28

Overview

LibreOffice 3.3.2 includes a feature to import 'Lotus Word Pro' (.lwp) documents. This import filter contains multiple vulnerabilities. CERT/CC has confirmed that code execution is possible by exploiting a stack buffer overflow.

Description

LibreOffice 3.3.2, 3.3.1, and possibly earlier versions fail to properly handle 'Lotus Word Pro' (.lwp) documents. The (.lwp) format is the native file format for Lotus Word Pro that is a word processor developed by IBM's Lotus Software group. More details can be found by reviewing the following patch commits: Commit 1 and Commit 2.

Impact

By convincing a user to open a specifically crafted 'Lotus Word Pro' (.lwp) document, an attacker may be able to execute arbitrary code.

Solution

Apply an Update

LibreOffice 3.3.3 and 3.4.0 both address these vulnerabilities.

Vendor Information

953183
Expand all

LibreOffice

Notified:  April 06, 2011 Updated:  June 06, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base 9.0 AV:N/AC:M/Au:N/C:C/I:C/A:P
Temporal 7.0 E:POC/RL:OF/RC:C
Environmental 7 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Will Dormann and Jared Allar of the CERT/CC for reporting these vulnerabilities.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2011-2685
Severity Metric: 0.20
Date Public: 2011-06-16
Date First Published: 2011-06-22
Date Last Updated: 2012-03-28 15:15 UTC
Document Revision: 21

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.