{"vuid":"VU#953183","idnumber":"953183","name":"LibreOffice 3.3 'Lotus Word Pro' document import filter contains multiple vulnerabilities","keywords":["libreoffice","exploitable","lotus","filter","FOE"],"overview":"LibreOffice 3.3.2 includes a feature to import 'Lotus Word Pro' (.lwp) documents. This import filter contains multiple vulnerabilities. CERT/CC has confirmed that code execution is possible by exploiting a stack buffer overflow.","clean_desc":"LibreOffice 3.3.2, 3.3.1, and possibly earlier versions fail to properly handle 'Lotus Word Pro' (.lwp) documents. The (.lwp) format is the native file format for Lotus Word Pro that is a word processor developed by IBM's Lotus Software group. More details can be found by reviewing the following patch commits: Commit 1 and Commit 2.","impact":"By convincing a user to open a specifically crafted 'Lotus Word Pro' (.lwp) document, an attacker may be able to execute arbitrary code.","resolution":"Apply an Update\nLibreOffice 3.3.3 and 3.4.0 both address these vulnerabilities.","workarounds":"","sysaffected":"","thanks":"Thanks to Will Dormann and Jared Allar of the CERT/CC for reporting these vulnerabilities.","author":"This document was written by Jared Allar.","public":["http://www.libreoffice.org/advisories/cve-2011-2685/","http://www.libreoffice.org/download/","http://cgit.freedesktop.org/libreoffice/filters/commit/?id=d93fa011d713100775cd3ac88c468b6830d48877","http://cgit.freedesktop.org/libreoffice/filters/commit/?id=278831e37a23e9e2e29ca811c3a5398b7c67464d"],"cveids":["CVE-2011-2685"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2011-04-06T12:43:56Z","publicdate":"2011-06-16T00:00:00Z","datefirstpublished":"2011-06-22T13:29:39Z","dateupdated":"2012-03-28T15:15:44Z","revision":23,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"8","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"10","cam_impact":"11","cam_easeofexploitation":"3","cam_attackeraccessrequired":"3","cam_scorecurrent":"0.2041875","cam_scorecurrentwidelyknown":"0.4269375","cam_scorecurrentwidelyknownexploited":"0.7981875","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"9","cvss_basevector":"AV:N/AC:M/Au:N/C:C/I:C/A:P","cvss_temporalscore":"7","cvss_environmentalscore":"7","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":0.2041875,"vulnote":null}