[Solved] CVE-2015-1774: OpenOffice HWP Filter Remote...
- 466385@tiscali.co.uk
- Posts: 81
- Joined: Fri Jan 28, 2011 6:59 pm
[Solved] CVE-2015-1774: OpenOffice HWP Filter Remote...
Hi all,
I've just pulled an email with the above title out of my spam folder. Is it genuine? Here's what it says:
Ian
CVE-2015-1774
OpenOffice HWP Filter Remote Code Execution and Denial of Service
Vulnerability
A vulnerability in OpenOffice's HWP filter allows attackers to cause a
denial of service (memory corruption and application crash) or possibly
execution of arbitrary code by preparing specially crafted documents in
the HWP document format.
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
All Apache OpenOffice versions 4.1.1 and older are affected.
Mitigation:
Apache OpenOffice users are advised to remove the problematic library in
the "program" folder of their OpenOffice installation. On Windows it is
named "hwp.dll", on Mac it is named "libhwp.dylib" and on Linux it is
named "libhwp.so". Alternatively the library can be renamed to anything
else e.g. "hwp_renamed.dll".
This mitigation will drop AOO's support for documents created in "Hangul
Word Processor" versions from 1997 or older. Users of such documents are
advised to convert their documents to other document formats such as
OpenDocument before doing so.
Apache OpenOffice aims to fix the vulnerability in version 4.1.2.
Credits:
Thanks to an anonymous contributor working with VeriSign iDefense Labs.
I've just pulled an email with the above title out of my spam folder. Is it genuine? Here's what it says:
Ian
CVE-2015-1774
OpenOffice HWP Filter Remote Code Execution and Denial of Service
Vulnerability
A vulnerability in OpenOffice's HWP filter allows attackers to cause a
denial of service (memory corruption and application crash) or possibly
execution of arbitrary code by preparing specially crafted documents in
the HWP document format.
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
All Apache OpenOffice versions 4.1.1 and older are affected.
Mitigation:
Apache OpenOffice users are advised to remove the problematic library in
the "program" folder of their OpenOffice installation. On Windows it is
named "hwp.dll", on Mac it is named "libhwp.dylib" and on Linux it is
named "libhwp.so". Alternatively the library can be renamed to anything
else e.g. "hwp_renamed.dll".
This mitigation will drop AOO's support for documents created in "Hangul
Word Processor" versions from 1997 or older. Users of such documents are
advised to convert their documents to other document formats such as
OpenDocument before doing so.
Apache OpenOffice aims to fix the vulnerability in version 4.1.2.
Credits:
Thanks to an anonymous contributor working with VeriSign iDefense Labs.
Last edited by 466385@tiscali.co.uk on Mon Apr 27, 2015 9:33 am, edited 1 time in total.
OO latest version; Windows 7 X64 SP1
Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution an
This posting was sent to several of the Apache OpenOffice mailing lists signed by a known contributor to those lists. I have no reason to doubt its validity, but several list members have asked for confirmation.
Apache OpenOffice 4.1.15 on Xubuntu 22.04.4 LTS
- 466385@tiscali.co.uk
- Posts: 81
- Joined: Fri Jan 28, 2011 6:59 pm
Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution an
Sorry Rory. I may be becoming over-sensitive to word usage, thanks to the ongoing election, but that looks like a politician's answer! Surely somebody from Apache could/should grant official approval?
Ian
Ian
OO latest version; Windows 7 X64 SP1
Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution an
I can only tell you what I know. The original poster to the Apache lists is a known contributor - I'm not sure of his status (haven't time to check - fixing dishwasher!), but this vulnerability number shows up on
https://security-tracker.debian.org/tra ... -2015-1774
and elsewhere.
List members on some of the Apache OpenOffice mailing lists have asked for confirmation that the messages were not an email hijack: on my inspection they do not appear to be so.
https://security-tracker.debian.org/tra ... -2015-1774
and elsewhere.
List members on some of the Apache OpenOffice mailing lists have asked for confirmation that the messages were not an email hijack: on my inspection they do not appear to be so.
Edit: Dishwasher sounds happy! Blocked input filters (at both ends of water input pipe) |
Edit: Edit2: As for a "politician's answer", remember George Meredith's line in "Modern Love": "Ah, what a dusty answer gets the soul When hot for certainties in this our life!" |
Apache OpenOffice 4.1.15 on Xubuntu 22.04.4 LTS
- 466385@tiscali.co.uk
- Posts: 81
- Joined: Fri Jan 28, 2011 6:59 pm
Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution an
Thanks, Rory, and I'm glad the dishwasher's OK. I'll leave it a few days and see if any more positive proof turns up.
Yours,
Doubting Thomas
Yours,
Doubting Thomas
OO latest version; Windows 7 X64 SP1
Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution an
I confirm the message is genuine.
See http://www.openoffice.org/security/bulletin.html for more.
The vulnerability is expected to be fixed in our next release (OpenOffice 4.1.2), but you can apply the workaround described in the issue already now.
It is very unlikely that you need support for "Hangul Word Processor" versions from 1997 or older (and if you do, for sure you know it), so deleting or renaming the problematic library will not affect your ordinary usage of OpenOffice.
--
Andrea Pescetti - Apache OpenOffice PMC and security team member.
See http://www.openoffice.org/security/bulletin.html for more.
The vulnerability is expected to be fixed in our next release (OpenOffice 4.1.2), but you can apply the workaround described in the issue already now.
It is very unlikely that you need support for "Hangul Word Processor" versions from 1997 or older (and if you do, for sure you know it), so deleting or renaming the problematic library will not affect your ordinary usage of OpenOffice.
--
Andrea Pescetti - Apache OpenOffice PMC and security team member.
OpenOffice 4.1.2 Italian
- 466385@tiscali.co.uk
- Posts: 81
- Joined: Fri Jan 28, 2011 6:59 pm
Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution an
Thank you. Sorry to be so neurotic, but I've just spent 6 days in the care of a malware clean up expert.
Ian
Ian
OO latest version; Windows 7 X64 SP1
Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution an
One great way to get involved with malware is to publish your e-mail address.
OpenOffice 4.1.11 on Ubuntu; LibreOffice 6.4 on Linux Mint, LibreOffice 7.6.2.1 on Ubuntu
If your problem has been solved or your question has been answered, please edit the first post in this thread and add [Solved] to the title bar.
Nederlandstalig forum
If your problem has been solved or your question has been answered, please edit the first post in this thread and add [Solved] to the title bar.
Nederlandstalig forum
- 466385@tiscali.co.uk
- Posts: 81
- Joined: Fri Jan 28, 2011 6:59 pm
Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution an
Thanks, floris. BTW, I noted the green ink print below your post and tried to edit the title of the first post but couldn't. I added a green tick instead.
Ian
Ian
OO latest version; Windows 7 X64 SP1
Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution an
Thank you for editing it, anyway. The title is too long, that's why you can't add text.
OpenOffice 4.1.11 on Ubuntu; LibreOffice 6.4 on Linux Mint, LibreOffice 7.6.2.1 on Ubuntu
If your problem has been solved or your question has been answered, please edit the first post in this thread and add [Solved] to the title bar.
Nederlandstalig forum
If your problem has been solved or your question has been answered, please edit the first post in this thread and add [Solved] to the title bar.
Nederlandstalig forum