svn commit: r1712669 - /openoffice/ooo-site/trunk/content/security/cves/CVE-2015-5214.html

Wed, 04 Nov 2015 13:43:03 -0800 

Author: orcmid
Date: Wed Nov  4 21:42:29 2015
New Revision: 1712669

URL: http://svn.apache.org/viewvc?rev=1712669&view=rev
Log:
Staging for disclosure

Added:
    openoffice/ooo-site/trunk/content/security/cves/CVE-2015-5214.html   (with 
props)

Added: openoffice/ooo-site/trunk/content/security/cves/CVE-2015-5214.html
URL: 
http://svn.apache.org/viewvc/openoffice/ooo-site/trunk/content/security/cves/CVE-2015-5214.html?rev=1712669&view=auto
==============================================================================
--- openoffice/ooo-site/trunk/content/security/cves/CVE-2015-5214.html (added)
+++ openoffice/ooo-site/trunk/content/security/cves/CVE-2015-5214.html [UTF-8] 
Wed Nov  4 21:42:29 2015
@@ -0,0 +1,104 @@
+
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>CVE-2015-5214</title>
+        <style type="text/css"></style>
+    </head>
+
+    <body>
+    <!-- These were previously defined as XHTML pages.  The current
+         wrapping for the site introduces HTML5 headers and formats.
+         This version is modified to match the wrapping that is done as part
+         of publishing this page and not rely on any particular styling
+         beyond <p>.
+         -->
+        <p>
+            <a 
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5214";>CVE-2015-5214</a>
+        </p>
+        <p>
+            <a 
href="http://www.openoffice.org/security/cves/CVE-2015-5214.html";>Apache 
OpenOffice Advisory</a>
+        </p>
+
+        <p style="text-align:center; font-size:largest"><strong>CVE-2015-5214:
+        .DOC BOOKMARKS VULNERABILITY</strong></p>
+
+        <p style="text-align:center; font-size:larger"><strong>Fixed in Apache 
OpenOffice 4.1.2</strong></p>
+
+        <p><strong>Title: Memory Corrruption Vulnerability (DOC
+        Bookmarks)</strong></p>
+        <p>
+            <strong>Version 1.0</strong>
+            <br />
+            Announced November 4, 2015</p>
+
+        <p>
+        A crafted Microsoft Word DOC can contain invalid bookmark
+        positions leading to memory corruption when the document is
+        loaded or bookmarks are manipulated.  The defect allows an
+        attacker to cause denial of service (memory corruption and
+        application crash) and possible execution of arbitrary code.
+        </p>
+
+        <p>
+            <strong>Severity: Medium</strong>
+        </p>
+        <p>There are no known exploits of this vulnerabilty.<br />
+           A proof-of-concept demonstration exists.</p>
+        <p>
+            <strong>Vendor: The Apache Software Foundation</strong>
+        </p>
+
+        <p>
+            <strong>Versions Affected</strong></p>
+
+        <p>All Apache OpenOffice versions 4.1.1 and older are affected.<br />
+            OpenOffice.org versions are also affected.</p>
+
+        <p>
+            <strong>Mitigation</strong>
+        </p>
+        <p>
+        Apache OpenOffice users are urged to download and install Apache
+        OpenOffice version 4.1.2 or later.  The defect is over-ridden in
+        4.1.2.
+        </p>
+
+        <p>
+            <strong>Precautions</strong>
+        </p>
+        <p>
+          Users who do not upgrade to Apache OpenOffice 4.1.2 should
+          be careful of .DOC files from unknown or unreliable sources.
+          A Microsoft Word 97-2003 DOC format file can be checked
+          by opening with software, such as Microsoft Office Word or
+          Word Online.  The documents may be rejected as corrupted or
+          extraordinary employment of bookmarks may be observable.</p>
+
+         <p>
+            <strong>Further Information</strong>
+        </p>
+        <p>For additional information and assistance, consult the
+           <a href="https://forum.openoffice.org/";>Apache OpenOffice Community 
Forums</a>
+           or make requests to the
+           <a 
href="mailto:us...@openofffice.apache.org";>us...@openofffice.apache.org</a>
+           public mailing list.
+        </p>
+        <p>The latest information on Apache OpenOffice security bulletins
+        can be found at the <a 
href="http://www.openoffice.org/security/bulletin.html";>Bulletin
+        Archive page</a>.</p>
+
+        <p><strong>Credits</strong></p>
+        <p>
+        The discoverer of this vulnerability wishes to remain anonymous.
+        </p>
+
+        <hr />
+
+        <p>
+            <a href="http://security.openoffice.org";>Security Home</a>
+    -&gt; <a href="http://security.openoffice.org/bulletin.html";>Bulletin</a>
+    -&gt; <a 
href="http://www.openoffice.org/security/cves/CVE-2015-5214.html";>CVE-2015-5214</a>
+        </p>
+    </body>
+</html>

Propchange: openoffice/ooo-site/trunk/content/security/cves/CVE-2015-5214.html
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: openoffice/ooo-site/trunk/content/security/cves/CVE-2015-5214.html
------------------------------------------------------------------------------
    svn:mime-type = text/html;charset=UTF-8

Reply via email to