CIS Logo
tagline: Confidence in the Connected World
HomeResourcesAdvisoriesMultiple Vulnerabilities in Apache OpenOffice Could Allow for Arbitrary Code Execution

Multiple Vulnerabilities in Apache OpenOffice Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:

2017-105

DATE(S) ISSUED:

10/27/2017

OVERVIEW:

Multiple vulnerabilities have been discovered in OpenOffice, which could allow for arbitrary code execution. OpenOffice is an open-source productivity software suite that contains a word processor, spreadsheet application, presentation application, drawing application, formula editor, and a database management application. Successfully exploiting these vulnerabilities could allow for arbitrary code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • Apache OpenOffice prior to 4.1.4

RISK:

Government:
  • Large and medium government entities: LOW
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: LOW
  • Small business entities: HIGH
Home Users:
LOW

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Apache OpenOffice, which could allow for arbitrary code execution. Details regarding these vulnerabilities are as below:

  • A vulnerability in the OpenOffice Writer DOC file parser, specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. (CVE-2017-9806)
  • A vulnerability in OpenOffice's PPT file parser, specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. (CVE-2017-12607)
  • A vulnerability in OpenOffice Writer DOC file parser, specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. (CVE-2017-12608)

Successfully exploiting these vulnerabilities could allow for arbitrary code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition.

RECOMENDATIONS:

We recommend the following actions be taken:

  • Upgrade to the latest version of OpenOffice immediately, after appropriate testing.
  • Verify no unauthorized system modifications have occurred on system before applying patch.
  • Apply the principle of Least Privilege to all systems and services.
  • Remind users not to open emails, download attachments, or follow links provided by unknown or untrusted sources.

REFERENCES:

Get Email Updates When Cyber Threats Like This Arise

Arrow Subscribe to Advisories