| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 17 Dec 2006 18:05:14 +0800 From: Kamchybek Jusupov <kjusupov@...il.com> To: "Bruno Lustosa" <bruno.lists@...il.com> Cc: bugtraq@...urityfocus.com Subject: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! It's openoffice-2.0.4 (gentoo), and it did crashed with the below error... synack ~ $ oowriter2 12122006-djtest.doc Application ErrorApplication Error Fatal exception: Signal 6 Stack: /usr/lib/openoffice/program/libuno_sal.so.3[0xb71b0424] /lib/libc.so.6(malloc+0x7f)[0xb6b52cff] /usr/lib/openoffice/program/soffice: line 254: 24654 Aborted "$sd_prog/$sd_binary" "$@" ** (process:24639): WARNING **: Unknown error forking main binary / abnormal early exit ... On Fri, 15 Dec 2006 16:07:20 -0200 / Bruno Lustosa wrote: With a subject: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!! > On 15 Dec 2006 09:49:54 -0000, gplit@...lit.com <gplit@...lit.com> > wrote: > > try yourself with OpenOffice.org 2.1: > > http://www.milw0rm.com/sploits/12122006-djtest.doc > > Crashed OpenOffice.org 2.1 on my Linux system (Gentoo using > openoffice-bin 2.1.0). > Anyone tried it under Windows? > -- Rgds, Kamchybek Jusupov Attitude is no substitude for competence... GPG Key: C565 2827 0858 ECFE 74D7 A556 7B09 59DA B6C8 FF8C
Powered by blists - more mailing lists