First published: Wed Dec 05 2007
OpenOffice.org is an office productivity suite. HSQLDB is a Java relational database engine used by OpenOffice.org Base.

It was discovered that HSQLDB could allow the execution of arbitrary public static Java methods. A carefully crafted odb file opened in OpenOffice.org Base could execute arbitrary commands with the permissions of the user running OpenOffice.org. (CVE-2007-4575)

It was discovered that HSQLDB did not have a password set on the 'sa' user. If HSQLDB has been configured as a service, a remote attacker who could connect to the HSQLDB port (tcp 9001) could execute arbitrary SQL commands. (CVE-2003-0845)

Note that in Red Hat Enterprise Linux 5, HSQLDB is not enabled as a service by default, and needs manual configuration in order to work as a service.

Users of OpenOffice.org or HSQLDB should update to these errata packages which contain backported patches to correct these issues.