OpenOffice issued a WMF/EMF code execution fix

It appears that new security update has been released.

Red Hat adivsory is located here (rated as Important):

And what the RHSA-2007:0001-3 states:

Several integer overflow bugs were found in the WMF file
processor. An attacker could create a carefully crafted WMF file that could
cause to execute arbitrary code when the file was opened by
a victim. (CVE-2006-5870)

CVE link listed is not accessible yet.
Update: Link to the CVE.

More details available via Bugzilla Bug 217347 (CVE-2006-5870 WMF heap overflow) opened in November. Related OpenOffice Issue 70042 document opened on 2nd Oct is located at
Both 1.1.x and 2.x versions are affected and this patch should be obtained.

These vulnerabilities are reported in OpenOffice prior to version 2.1.0.
The previous remarkable ‘OOo’ update was released in June.

It is not known if the critical .DOC issue, CVE-2006-6561 (so-called 12122006-djtest.doc issue) was fixed now. I believe that the answer is No.

Update: StarOffice versions 6, 7 and 8 are affected too. Link to the short advisory of NGSSoftware:

  • Juha-Matti

    John Heasman of Next Generation Security Software (NGS) has reported that StarOffice versions 6, 7 and 8 are affected too and there is a fix available. Blog entry updated.