Unsolved
This post is more than 5 years old
3 Apprentice
•
15.2K Posts
0
18211
UNpatched HWP Filter Memory Corruption Vulnerability in OpenOffice
The following has been copied/pasted from http://secunia.com/advisories/64302 (which, while free, requires log-in to view):
Description
A vulnerability has been reported in Apache OpenOffice, which can be exploited by malicious people to potentially compromise a user's system.
The vulnerability is caused due to an error related to the HWP filter, which can be exploited to cause a memory corruption via a specially crafted HWP [Hangul Word Processor] file.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions 4.1.1 and prior.
[Temporary work-around: Users can remove (or rename) the problematic library ("hwp.dll") in the "program" folder of their OpenOffice installation (i.e., C:\Program Files\OpenOffice 4\program\hwp.dll) ]
Solution:
Update to version 4.1.2 when available.
Provided and/or discovered by:
The vendor credits an anonymous person via VeriSign iDefense Labs.
Original Advisory:
http://www.openoffice.org/security/cves/CVE-2015-1774.html