Apache OpenOffice is currently impacted by a remote code execution flaw

guest · Sep 21, 2021

Apache OpenOffice is currently impacted by a remote code execution flaw
September 21, 2021
https://securityaffairs.co/wordpress/122426/security/apache-openoffice-rce-cve-2021-33035.html

Security researcher Eugene Lim (@spaceraccoonsec) recently revealed technical details about a remote code execution flaw, tracked as CVE-2021-33035, (CVE-2021-33035) that impacts OpenOffice (AOO). The experts disclosed the flaw at HackerOne’s Hacktivity online conference after the company failed to address the vulnerability by August 30.

At the time of this writing, the flaw was only addressed with a beta software update and awaits the official release.

Apache OpenOffice (AOO) is currently vulnerable to a remote code execution vulnerability and while the app’s source code has been patched, the fix has only been made available as beta software and awaits an official release.
Click to expand...

Lim told El Reg the CVE-2021-33035 “is a buffer overflow by a .dbf file which overrides a return pointer with a DEP [data execution prevention] and ASLR [address space layout randomization] bypass to finally execute arbitrary commands by the attacker.”

The beta installers that address the issue are available here and the source code that contains the patch is here.
Click to expand...

All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021–33035)

Coming from a background in primarily web and application security, I had to shift my hacking mindset towards memory corruption vulnerabilities and local attack vectors. This two-part series will share how I got started in vulnerability research by discovering and exploiting code execution zero-days in office applications used by hundreds of millions of people.
Click to expand...

Log in or Sign up

Apache OpenOffice is currently impacted by a remote code execution flaw

guest Guest

Log in or Sign up

Apache OpenOffice is currently impacted by a remote code execution flaw

guest Guest

Useful Searches