OpenOffice ".slk" File Parsing Null Pointer Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : OpenOffice ".slk" File Parsing Null Pointer Vulnerability
# Published : 2010-01-19
# Author : Hellcode Research
# Previous Title : AOL 9.5 ActiveX Heap Overflow Vulnerability
# Next Title : Microsoft Windows Defender ActiveX Heap Overflow PoC

Product:

OpenOffice

Tested Vulnerable Versions:

3.1.1 and 3.1.0

Vulnerability:

Null Pointer

Description:

Hellcode Research discovered a null pointer vulnerability in Openoffice for
Windows.

Opening a malformed ".slk" file with Openoffice, causes a crash on
"soffice.bin"

PoC:

http://www.exploit-db.com/sploits/slk.rar

Credits:
karak0rsan and murderkey from Hellcode Research

The Computer Cheats (TCC)

Urls:

tcc.hellcode.net

forum.hellcode.net