AOH :: HP Unsorted V :: BT-21592.HTM

Vulnerable MSVC++ runtime distributed with OpenOffice.org 3.1.1 for Windows



Vulnerable MSVC++ runtime distributed with OpenOffice.org 3.1.1 for Windows
Vulnerable MSVC++ runtime distributed with OpenOffice.org 3.1.1 for Windows



The just released latest version of OpenOffice.org 3.1.1 for Windows
distributes (once again) a completely outdated and vulnerable MSVC++
runtime.

The unpacked installation archive contains in subdirectory \REDIST\
the installer of the "Microsoft Visual C++ 2008 Redistributable",
VCRedist_x86.exe, time stamp 2009-01-19, version 9.0.21022.8.

This file was digitally signed by "Microsoft Corporation" on 2007-11-07,
i.e. it contains the initial release of the VC++ 2008 runtime.

This runtime but has been updated serveral times since its first
release, the last update was published just a month ago: see
 as well as 
, 
for the current version and
 
as well as
 
for the previous updates.

Fortunately the eventually installed outdated VC++ runtime will be
updated by the "Automatic Updates" feature of Windows with the hotfix
MS09-035 alias KB973551, IFF the Windows administrator has opt'd-in
to "Microsoft Update".
If not, all users of OpenOffice.org (as well as other poorly crafted
software which distributes outdated 3rd-party DLLs) are put at risk!

Stefan Kanthak


The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.