OpenOffice - '.slk' Parsing Null Pointer

EDB-ID:

11192

CVE:





Platform:

Windows

Date:

2010-01-19


Product:

OpenOffice

Tested Vulnerable Versions:

3.1.1 and 3.1.0

Vulnerability:

Null Pointer

Description:

Hellcode Research discovered a null pointer vulnerability in Openoffice for
Windows.

Opening a malformed ".slk" file with Openoffice, causes a crash on
"soffice.bin"

PoC:

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/11192.rar (slk.rar)

Credits:
karak0rsan and murderkey from Hellcode Research

The Computer Cheats (TCC)

Urls:

tcc.hellcode.net

forum.hellcode.net