A crafted ODF document can be used to create a buffer that is
too small for the amount of data loaded into it, allowing an
attacker to cause denial of service (memory corruption and
application crash) and possible execution of arbitrary code.
There are no known exploits of this vulnerability.
A proof-of-concept demonstration exists.
Vendor: The Apache Software Foundation
All Apache OpenOffice versions 4.1.1 and older are affected.
OpenOffice.org versions are also affected.
Apache OpenOffice users are urged to download and install
Apache OpenOffice version 4.1.2 or later. Use of in-document
control of printer settings is disabled in 4.1.2.
Users who do not upgrade to Apache OpenOffice 4.1.2 can
disable the vulnerability directly by declining to use
printer settings provided as part of ODF Documents:
1. In Apache OpenOffice, select the Tools menu Options entry.
2. On the Options Load/Save item's General sub-item, remove any
check for "Load printer settings with the document"
3. Click "OK"
4. This setting will apply to all documents loaded thereafter.