OpenOffice.org is vulnerable to arbitrary code execution. A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org.
osvdb.org/70714
secunia.com/advisories/40775
secunia.com/advisories/42999
secunia.com/advisories/43065
secunia.com/advisories/43105
secunia.com/advisories/43118
secunia.com/advisories/60799
ubuntu.com/usn/usn-1056-1
www.cs.brown.edu/people/drosenbe/research.html
www.debian.org/security/2011/dsa-2151
www.gentoo.org/security/en/glsa/glsa-201408-19.xml
www.mandriva.com/security/advisories?name=MDVSA-2011:027
www.openoffice.org/security/cves/CVE-2010-3453_CVE-2010-3454.html
www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
www.redhat.com/support/errata/RHSA-2011-0181.html
www.redhat.com/support/errata/RHSA-2011-0182.html
www.securityfocus.com/bid/46031
www.securitytracker.com/id?1025002
www.vsecurity.com/resources/advisory/20110126-1
www.vupen.com/english/advisories/2011/0230
www.vupen.com/english/advisories/2011/0232
www.vupen.com/english/advisories/2011/0279
access.redhat.com/errata/RHSA-2011:0181
access.redhat.com/errata/RHSA-2011:0182
access.redhat.com/errata/RHSA-2011:0183
access.redhat.com/security/cve/CVE-2010-3453
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=640950