LibreOffice reported CVE-2012-0037 today concurrent with the agreed lifting of the embargo. If it is saved as ODF 1.0/1.1, there might also be no harm, although this case requires some testing to confirm.)Īs was reported, it is relatively easy to craft an ODF 1.2 document that can exercise the exploit when opened by a vulnerable application. Hamilton wrote:Here is my personal assessment around the CVE-2012-003 that was announced concurrent with a patch release for OpenOffice 3.3.0 today.įirst, the vulnerability is related to use of ODF 1.2 document format in a manner that causes information from the user's computer to be covertly accessed and captured inside the document when it is saved. Patch, and for porting it or adapting it to derivativesĬredit: The Apache OpenOffice project acknowledges and thanks theĭiscoverer of this issue, Timothy D. Source and Building: Information on obtaining the source code for this This vulnerability is also fixed in Apache OpenOffice 3.4 dev Mitigation: 3.3.0 and 3.4 beta users should install the Data leakage then becomes possible when thatĭocument is later distributed to other parties. Locally- accessible files into the ODF document, without the user's By crafting an external entity to refer to other localįile system resources, an attacker would be able to inject contents of other In which external entities are processed in certain XML components of ODFĭocuments. Versions Affected: 3.3 and 3.4 Beta, on all platforms.ĭescription: An XML External Entity (XXE) attack is possible in theĪbove versions of. The patch is made available under theĪpache License, and due to its importance, we are releasing it outsideĬVE-2012-0037: data leakage vulnerability Legacy users as a service by the Apache OpenOffice Note: This security patch for is made available to If someone else supports or manages your desktop, then pleaseĪdditional support is available on our Community Forums: If you are an 3.3 user, andĪre able to apply the mentioned patch, then you are encouraged to do Anyone with experience using this sort of software will enjoy how easy it is to customize, and those moderate to advanced users will also probably notice that the numerous features in muCommander are considerable when weighed against its free utility.Please note, this is the official security bulletin, targeted for With the right knowledge, muCommander can be a powerful tool in the pursuit of a perfect file management system. While the documentation is thorough, the software is generally aimed at users with enough experience that they don't require the extra educational resources. If that's not quite enough, you can access a number of online resources, including sections on Customization and Frequently Asked Questions. This makes it much easier to control the software without having to dig through menu after menu for some obscure function. If you get lost and decide you want to learn a bit about the software before you dive in, there is a dedicated Help section that contains a full list of every keyboard combination that is linked to a specific function. This is an especially useful tool that saves a lot of time and system resources. Bookmarks can be added or edited with ease, and you can alter the contents of an archive file without the need to decompress and then recompress the data. You can also take advantage of simultaneously open tabs to make it easier to find what you need. You can use this software with a number of different protocols, including SMB, S3, SFTP, HTTP, HDFS, and many others. If you get bored with the UI you selected at the initial launch, you can select a new skin through the software settings. No matter which you select, you experience a sleek, modern UI with intuitive tools, a dual-pane UI, and easy-to-understand icons. When you initially launch the software, you'll be asked to select a theme that encompasses the general aesthetic of the software. You'll be directed to the Java website where you can download and install the newest version available. If you don't have the most recent version of Java Runtime Environment, the software will prompt you to download it since the newest version is required for the installation process. Simply drag the application from the mounted archive file and place it in the system folder called Applications. The Mac version of the muCommander software takes literal seconds to install. It comes packed with numerous advanced features that make large-volume file management simple and intuitive, and the ability to customize the software to your liking makes it perform at peak levels in your workflow. Overall Opinion: Advanced file managers are hard to find, but muCommander is perhaps the best tool in its category for such large-volume management.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |