KLA12404 Multiple vulnerabilities in OpenOffice

Multiple vulnerabilities were found in OpenOffice. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, cause denial of service.

Below is a complete list of vulnerabilities:

1. Buffer overflow vulnerability can be exploited via special crafted DBF file to execute arbitrary code.
2. Elevation of privilege vulnerability can be exploited via special crafted file to gain privileges.
3. Security bypass vulnerability can be exploited to bypass security restrictions and gain privileges.
4. Denial of service vulnerability can be exploited via special crafted XML files to cause denial of service.

Original advisories

CVE-2021-28129

CVE-2021-40439

CVE-2021-33035

CVE-2021-41830

CVE-2021-41831

CVE-2021-41832

Related products

OpenOffice.org

CVE list

CVE-2021-33035 critical

CVE-2021-41832 critical

CVE-2021-28129 critical

CVE-2021-41831 high

CVE-2021-40439 high

CVE-2021-41830 critical

Solution

Update to the latest version

Download OpenOffice

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

• OpenOffice earlier than 4.1.11