Re: [ja-discuss] プレスリリース原稿：OpenOffice.org1.1.xセキュリティホール対策について

[Takamichi Akiyama]

Tora$B$G$9!#(B
(B
$B$*Hh$lMM$G$9!#(B
(B
(B OpenOffice.org$B$NMxMQ[EMAIL PROTECTED];$s$+!#(B
(B
$B$=$7$F!"MxMQ$K$J$l$P$J$k$[$I!"$$$d$H$$$&$[$I!"$3$NpJsDs6!$N5!2q$,A}$($F(B
$B$/$k$3$H$G$7$g$&!#$$$A$$$AMxMQ$N3HD%;R$,(B .doc
$B$*$h$S(B .dot $B$N%U%!%$%k(B)
(B
(B2. Louis $B$5$s$+$i$N0J2<$N(B2$B9T$N>pJs$rK]LuE>:\$*4j$?$7$^$9!#(B
(BSee the security advisory for more information:
(Bhttp://www.securityfocus.com/archive/1/395516
(B
(B3. $B!V(BStgCompObjStream?::Load()$B!W%U%!%s%/%7%g%s(B $B"*(B 
$B!V(BStgCompObjStream::Load()$B!W%a%=%C%I(B
(B# $B86J8$,(B function [EMAIL PROTECTED]"!"!"(Bmethod $B$,@52r$J$N$K!#!#!#(B
(B
(B4. [EMAIL PROTECTED](B
(Bhttp://util.openoffice.org/source/browse/util/sot/source/sdstor/stgole.cxx?r1=1.4r2=1.4.166.1
(B
(B
(B===
$B$"$*$i$J$$$h$&$K$7$^$7$g$&$h!#$HKAF,$G$O=q$-$^$7$?$,!"%=!<%9%3!<%I$H$=$N(B
(B[EMAIL PROTECTED];%-%e%j%F%#%[!%k$N2U=j!K$,$3$s$J$K$b!V%*![EMAIL 
(BPROTECTED]"(B
$B5;=QE*$K$O4JC1$K!"0-0U$N$"$k(B .doc $B%U%!%$%k$r:[EMAIL 
(BPROTECTED]$G$9$M!#(B
(B
$B$?$^$?$^:#2s$K8B$C$F$O!"LdBj$N$"$k%3!<%I(B
(B sal_Char* p = new sal_Char[ (USHORT) nLen1 ]; // 
$B2<0L(B16$B%S%C%H$NCM$G%a%b%j(B($B%P%C%U%!(B)$B$r3d$jEv$F(B
(B if( Read( p, nLen1 ) == (ULONG) nLen1 )  // [EMAIL PROTECTED];H$C$F$$$k!#(B
$B$K$h$C$F3NJ]$5$l$k!V%P%C%U%!!W$N%a%b%j>e$N%"%I%l%9$,!"$"$i$+$8$aM=B,$7$K(B
$B$/$$$&$(!"%P%C%U%!$N0LCV$,!"$h$/[EMAIL 
(BPROTECTED]/!WNN0h$G$O$J$/$F!V%R!%W!W(B
$BNN0h$G$"$k$?$a!";ve!"0-0U$N$"$k%3!<[EMAIL PROTECTED](B
(B
$B$=$N$?$a!"0-0U$N$"$k(B.doc$B%U%!%$%k$NFI$_9~$_$K$h$C$F!"(BOOo 
$B$NF0:n$,$*$+$7$/(B
$B$J$C$?$j!"0[>o=*N;$7$F$7$^$&!#$H$$$&%l%Y%k$N$h$&$G$9!#(B
(B
$B0J2<$N$h$&$JIT6q9g$,!V%P%C%U%!%*!<%P!<%U%m!e5-$N%3!<%I$GJQ?t(B nLen1 $B$K(B10$B?J?t$N(B 10 
$B$,BeF~$5$l$F$$$?$H2>Dj$7$^$9!#(B
(B10$B?J?t$N(B 10 
$B$O!"(B32$B%S%C%H$N(B16$B?J?t$GI=8=$9$k$H!"(B000186A0 $B$G$9!#(B
$B2<0L([EMAIL PROTECTED]$9$H(B 
(B34464 $B$G$9!#(B
$B$H$$$&$3$H$O!"(B1$B9TL\$G(B 34464 
$B%P%$%HJ,$N%a%b%j!J%P%C%U%!!K$,3NJ]$5$l$^$9!#(B
$B$H$3$m$,!"(B2$B9TL\$G(B 10 
$B%P%$%HJ,FI$_9~$s$G$7$^$&$N$G!"(B34465$B%P%$%HL\$+$i(B
(B10$B%P%$%HL\$^$G$N!"$=$3$K85$+$i$"$C$?%a%b%j%G!<%?$,[EMAIL PROTECTED](B
(B
(Bhttp://www.securityfocus.com/archive/1/395516 $B$N5-;[EMAIL PROTECTED]"(B
(Band when free happened ,will cause write pointer,maybe cause arbitrary code 
(Bexcute .
$B$H$"$j$^$9$,!"!"!"NY$N6u$-%a%b%j$N4IM}%G!<%?$r>h$C<[EMAIL PROTECTED](B
$B$H$3$m$G!"(BOOo$B$rK=Av$5$;$k$3$H$O4JC1$K$G$-$=$&$G$9$,!"$^$7$F$d<+J,$N(B
$B;[EMAIL PROTECTED]<%I$K=hM}$r0\9T$5$;$k$3$H$O!"!"!"$[$\L5M}$G$7$g$&!#!#!#(B
(B
(BTora
(B
(BYutaka Kachi wrote:
(B catch$B$G$9(B
(B $B%W%l%9%j%j!<%9869F$G$9!#(B
(B $B3'$5$s$N%l%S%e!<$r$*4j$$$7$^$9!#(B
(B 
(B ===
(B $B%W%l%9%j%j!<%9(B
(B $BJsF;4X78

Re: [ja-discuss] プレスリリース原稿：OpenOffice.org1.1.xセキュリティホール対策について

[Takamichi Akiyama]

Tora$B$G$9!#(B
(B
(B catch$B$G$9(B
(B $B$H$O$$$(!"%f!<%6!<$,$I$s$J9TF0$r$*$3$9$Y$-$+$O!"[EMAIL 
(B PROTECTED]/$N$,$H;W$(B
(B $B$N$G$9!#!I9M$($F$/[EMAIL 
(B PROTECTED](B"$B$H$$$&$N$b$s$G$9$,!"I,MW$JM=HwCN<1$r;}$C$F$$(B
(B $B$k?M$P$+$j$G$O$J$$$N$G!"[EMAIL PROTECTED](B
(B
$B$*$C$7$c$kDL$j$G$9!#(B
(B
$BOC$O$:$l$^$9$,!"http://www.itmedia.co.jp/enterprise/articles/0504/13/news011.html
(B===
(BMicrosoft$B$N%0%k!<[EMAIL 
(BPROTECTED]!"%F%#%U%!%K!!%"%l%7!%J;a$O!"9-JsBeM}E97PM3(B
$B$GG[I[$7$?@<[EMAIL 
(BPROTECTED]%3%a%s%H!#WCG%D!%k$rMxMQ$7$F$$$?8\5R$O$[$H$s$I$,(BSP2$B$r(B
$B%$%s%9%H!<%k:Q$_$+!"FCJL%D!<%k$r;H$C$F%Q%C%A4IM}$r9T$C$F$$$k$HF1;a$O=R$Y$F$$$k!#(B
(B===
(BWindows XP $B$N(B SP2 
$B$rE,MQ$7$J$$$h$&$K$9$k!V/$J$/$H$b;[EMAIL PROTECTED]@!#!W(B
$B$H$$$&$h$&$J$"$j$,$A$JH/A[$+$i!"$=$m$=$mC&5Q$7$F$$$/$h$&$K!"2aJ]8n!)$KJd=u(B
$B$7$F$$$k/$J$$$H;W$$$^$9$,!"(B
(B $B!I$3$l$+$iM-L>$K$J$l$P$J$k$[$I!I!"$5$i$K=q$-J}$,Fq$7$/$J$k$N$+$bCN$l$^$;$s!#(B
(B 
(B ### [EMAIL PROTECTED]|:[EMAIL PROTECTED]$J$s$G$9$1$I!"(B
(B ### $B$"[EMAIL PROTECTED],7x$$!?Fq$7$$(B
(B ### $B$H$$$&@<$,$"$k$o$1$G$9(B(^^
(B
$BFq$7$$$G$9$M!#$=$3$K$^$?3Z$7$_$r46$8$F$$$?$j$7$F!#!#!#(B
(B
(B $B"#8=>](B
(B Writer$B$K4^$^$l$F$$$k!V(BStgCompObjStream?::Load()$B!W%a%=%C%I$KLdBj$,$"$j!"(B
(B $B:Y9)$r;\$5$l$?(BMicrosoft 
(B Word$B%U%!%$%k(B($B3HD%;R$,(Bdoc$B$*$h$S(Bdot$B$N$b$N(B)$B$r3+$/$H(B
(B $B%R!<%W%*!<%P!<%U%m!<$,H/@8$7$F!">l9g$K$h$C$F$O%W%m%0%i%`$NF0:n$,IT0BDj$K(B
(B $B$J$k62$l$,$"$j$^$9!#(B
(B
(BStgCompObjStream?$B!!"*!!(BStgCompObjStream
(B
$B>l9g$K$h$C$F$O%W%m%0%i%`$NF0:n$,IT0BDj$K$J$k62$l$,$"$j$^$9!#(B
$B"*!!>l9g$K$h$C$F$O!"(BOpenOffice.org 
$B$NF0:n$,IT0BDj$K$J$C$?$j!"0[>o=*N;$9$k(B
$B62$l$,$"$j$^$9!#$^$?!"5;=QE*$K;veIT2DG=$H$O9M$($i$l$^$9$,!"(BMicrosoft 
(BWord
$B%U%!%$%k$KG&$S9~$^$;$F$"$k0-0U$N$"$k%W%m%0%i%`$r

Re: [ja-discuss] プレスリリース原稿：OpenOffice.org1.1.xセキュリティホール対策について

[Yutaka Kachi]

catch$B$G$9(B
(B
(BTakamichi Akiyama wrote:
(B $B!V$h$/$o$+$i$J$$$+$i!"[EMAIL PROTECTED]@!#!W!"[EMAIL PROTECTED](B
(B $B$H$*$j$K$7$F$$$l$P!"2?$+LdBj$,$"$C$F$b>/$J$/$H$b;[EMAIL PROTECTED]@!#!W(B
(B $B$H$$$&$h$&$J$"$j$,$A$JH/A[$+$i!"$=$m$=$mC&5Q$7$F$$$/$h$&$K!"2aJ]8n!)$KJd=u(B
(B $B$7$F$$$k/$J$$$H;W$$$^$9$,!"(B
(B$B!I$3$l$+$iM-L>$K$J$l$P$J$k$[$I!I!"$5$i$K=q$-J}$,Fq$7$/$J$k$N$+$bCN$l$^$;$s!#(B
(B
(B### [EMAIL PROTECTED]|:[EMAIL PROTECTED]$J$s$G$9$1$I!"(B
(B### $B$"[EMAIL PROTECTED],7x$$!?Fq$7$$(B
(B### $B$H$$$&@<$,$"$k$o$1$G$9(B(^^
(B 
(B 
(B $BFq$7$$$G$9$M!#$=$3$K$^$?3Z$7$_$r46$8$F$$$?$j$7$F!#!#!#(B
(B
$B$J$K$h$j!"[EMAIL PROTECTED]@<+J,$,@:?J$7$J$$$H9T$1$^$;$s(Borz
(B
(B
(B StgCompObjStream?$B!!"*!!(BStgCompObjStream
(B
(B[EMAIL PROTECTED](B
(BWiki$B$+$i$N%3%T%Z$G!"%&%#%-%M!<%`$,;D$C$F$^$7$?!#(B
(B
(B $B>l9g$K$h$C$F$O%W%m%0%i%`$NF0:n$,IT0BDj$K$J$k62$l$,$"$j$^$9!#(B
(B $B"*!!>l9g$K$h$C$F$O!"(BOpenOffice.org 
(B $B$NF0:n$,IT0BDj$K$J$C$?$j!"0[>o=*N;$9$k(B
(B $B62$l$,$"$j$^$9!#$^$?!"5;=QE*$K;veIT2DG=$H$O9M$($i$l$^$9$,!"(BMicrosoft 
(B Word
(B $B%U%!%$%k$KG&$S9~$^$;$F$"$k0-0U$N$"$k%W%m%0%i%`$r]%P!<%8%g%s(B
(B
(B* OpenOffice.org 1.1.x$B!J(BWindows, Linux, Solaris x86/Sparc, Mac 
(BOS/X$B!K(B
(B* OpenOffice.org 2.0 $B%Y!<%?!&3+H/HG!J(BWindows, Linux, Solaris x86/Sparc,
(BMac OS/X$B!K(B
(B
(B
$B"#8=>](B
(BWriter$B$K4^$^$l$F$$$k!V(BStgCompObjStream::Load()$B!W%a%=%C%I$KLdBj$,$"$j!"(B
$B:Y9)$r;\$5$l$?(BMicrosoft 
(BWord$B%U%!%$%k(B($B3HD%;R$,(Bdoc$B$*$h$S(Bdot$B$N$b$N(B)$B$r3+$/$H(B
$B%R!<%W%*!<%P!<%U%m!<$,H/@8$7$^$9!#$3$N$?$a>l9g$K$h$C$F$O!"(BOpenOffice.org
$B$NF0:n$,IT0BDj$K$J$C$?$j!"0[>o=*N;$9$k62$l$,$"$j$^$9!#$^$?!"5;=QE*$K;veIT2DG=$H$O9M$($i$l$^$9$,!"(BMicrosoft 
(BWord$B%U%!%$%k$KG&$S9~$^$;$F$"$k0-0U(B
$B$N$"$k%W%m%0%i%`$re$,$C$F$$$^$9!#(B
(B
(B
$B"[EMAIL PROTECTED]&%s%m!<%I(B
$B%;%-%e%j%F%#%"%C%W%G!<%H%W%m%0%i%`$r2<[EMAIL PROTECTED]&%s%m!<%I$7$F$/[EMAIL 
(BPROTECTED](B
(Bhttp://ja.openoffice.org/1.1.4/security.html
(B
(B
$B"#>\:Y>pJs(B
$B%;%-%e%j%F%#>pJs$N>\:Y$K$D$$$F$O!"2<5-$r;2>H$7$F$/[EMAIL 
(BPROTECTED](B($B1Q8l(B)$B!#(B
(Bhttp://www.securityfocus.com/archive/1/395516
(B
$B$^$?!"%;[EMAIL PROTECTED]<5-$r;2>H$7$F$/[EMAIL 
(BPROTECTED](B($B1Q8l(B)$B!#(B

Re: [ja-discuss] プレスリリース原稿：OpenOffice.org1.1.xセキュリティホール対策について

[Hirano Kazunari]

$B0J2<;29M$K$7$F$/[EMAIL PROTECTED](B
(BYutaka Kachi wrote:
(B
(B $B0J2

Re: [ja-discuss] プレスリリース原稿：OpenOffice.org1.1.xセキュリティホール対策について

[Hirano Kazunari]

[EMAIL PROTECTED]'(B
(BHirano Kazunari wrote:
(B
(B$B:Y9)$,;\$5$l$?$b$N$rFI$_9~$_$3$`$H!"(B
(B
$BFI$_9~$`$H!"(B
(B.
(Bkhirano
(B
(B-
(BTo unsubscribe, e-mail: [EMAIL PROTECTED]
(BFor additional commands, e-mail: [EMAIL PROTECTED]

Re: [ja-discuss] プレスリリース原稿：OpenOffice.org1.1.xセキュリティホール対策について

[Yutaka Kachi]

catch$B$G$9(B
(B
(BHirano Kazunari wrote:
(B$B0J2<;29M$K$7$F$/[EMAIL PROTECTED](B
(B
(Bthanks
$BD:$-$^$7$?!#(B
$B$A$g$&$I!"H/Aw$7$h$&$H$7$F$$$?$H$3$m$G$7$?!#(B
(B
$B3'$5$s!"$46(NO$"$j$,$H$&$4$6$$$^$7$?!#(B
(B-- 
(BYutaka Kachi
(Bhttp://www.catch.jp/
(B[EMAIL PROTECTED]
(B
(B
(B-
(BTo unsubscribe, e-mail: [EMAIL PROTECTED]
(BFor additional commands, e-mail: [EMAIL PROTECTED]