PT-2008-1159 · Oracle+2 · Openoffice.Org+2

Published: 2008-04-17 · Updated: 2017-09-29 · CVE-2007-5745

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

OpenOffice.org versions prior to 2.4

Description

The issue is related to multiple heap-based buffer overflows that can be triggered by a Quattro Pro (QPRO) file with crafted records, specifically Attribute and Font Description records. This can cause a denial of service (crash) and potentially allow the execution of arbitrary code. The vulnerability can also be exploited to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations

For OpenOffice.org versions prior to 2.4, update to version 2.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of Quattro Pro (QPRO) files with crafted Attribute and Font Description records until a patch is available. Restrict access to potentially malicious files to minimize the risk of exploitation.

Exploit

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2020-02846
CVE-2007-5745
DSA-1547-1
RHSA-2008:0175
RHSA-2008_0175

Affected Products

Openoffice.Org
Quattro Pro
Red Hat