Buffer overflows in KOffice and Calligra reported

ODF iconA buffer overflow vulnerability which affects both the KOffice and Calligra office suites has been disclosed by Charlie Miller of Accuvant Labs. The vulnerability, which allows an attacker to execute arbitrary code by exploiting an error in the read() function of the ODF renderer, was revealed as part of Miller’s presentation on NFC hacking at the recent Black Hat conference.

The vulnerability is exploited by tricking a user into opening a malicious ODF file that then causes a heap-based buffer overflow and leads to the attacker’s code being executed. Since KOffice runs on the Nokia N9 smartphone, Miller demonstrated how a maliciously crafted ODF file sent over NFC can be used to execute arbitrary code on the target phone.

More information on the vulnerability is available in Miller’s paper which he presented at the Black Hat conference. The vulnerability is rated “Highly Critical” by Secunia and, to date, has not been fixed in either KOffice or Calligra.





Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s