AOH :: HP Unsorted H :: BU-1461.HTM

Hellcode Research: OpenOffice File Parsing Null Pointer Vulnerability



Hellcode Research: OpenOffice File Parsing Null Pointer Vulnerability
Hellcode Research: OpenOffice File Parsing Null Pointer Vulnerability



Release Date:
2010-01-14

Product:
OpenOffice

Tested Vulnerable Versions:
3.1.1 and 3.1.0

Vulnerability:
Null Pointer


Description:
Hellcode Research discovered a null pointer vulnerability in Openoffice for Windows.

Opening a malformed ".csv" file with Openoffice, causes a crash on "soffice.bin"


PoC:
http://tcc.hellcode.net/sploitz/csv.rar


Credits:
Hellcode Research
The Computer Cheats (TCC)
Natal Networks


Urls:
tcc.hellcode.net
forum.hellcode.net
www.natalnetworks.com


The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.