First published: Thu Jul 21 2011(Updated: )
Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
The Document Foundation LibreOffice | <=3.3.2 | |
The Document Foundation LibreOffice | =3.3.0 | |
The Document Foundation LibreOffice | =3.3.1 |
http://cgit.freedesktop.org/libreoffice/filters/commit/?id=278831e37a23e9e2e29ca811c3a5398b7c67464d
http://cgit.freedesktop.org/libreoffice/filters/commit/?id=d93fa011d713100775cd3ac88c468b6830d48877
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2011-2685 is classified as a critical severity vulnerability due to its ability to allow remote code execution through a crafted .lwp file.
To mitigate CVE-2011-2685, users should update LibreOffice to version 3.3.3 or later.
CVE-2011-2685 affects LibreOffice versions prior to 3.3.3.
CVE-2011-2685 is a stack-based buffer overflow vulnerability affecting the Lotus Word Pro import filter.
Yes, CVE-2011-2685 can be exploited remotely by sending a specially crafted .lwp file to the vulnerable LibreOffice application.