OpenOffice.org is prone to a flaw in the way it handles a a zero-length directory name in the LD_LIBRARY_PATH. The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.

Upgrade to version 3.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• CVE ID: 2010-3689 (see also: NVD)
• Secunia Advisory ID: 42999 43065 43105 43118 43388 43837 43913 44178 44202
• Bugtraq ID: 46031
• VUPEN Advisory: ADV-2011-0230 ADV-2011-0232
• Vendor Specific Solution URL: http://lists.debian.org/debian-security-announce/2011/msg00015.html
• Vendor Specific News/Changelog Entry: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054137.html
  http://www.openoffice.org/security/cves/CVE-2010-3689.html
  https://bugzilla.redhat.com/show_bug.cgi?id=641224
  https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001240.html
  https://www.ibm.com/support/docview.wss?uid=swg21496070
• RedHat RHSA: http://rhn.redhat.com/errata/RHSA-2011-0182.html
  https://rhn.redhat.com/errata/RHSA-2011-0181.html
• Other Advisory URL: http://www.debian.org/security/2011/dsa-2151
  http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixOOO
• Vendor Specific Advisory URL: https://hermes.opensuse.org/messages/7671999
  https://hermes.opensuse.org/messages/8086782
  https://hermes.opensuse.org/messages/8086783

• Dmitri Gribenko