CVE-2012-2665: Few weeks after releasing the LibreOffice 3.5.5, The Document Foundation has confirmed that security holes in earlier versions of the open source LibreOffice .
According to the security advisory, Multiple heap-based buffer overflow flaws were found in the XML manifest encryption tag parsing code of LibreOffice.
An attacker could create a specially-crafted file in the Open Document Format for Office Applications (ODF) format which when opened could cause arbitrary code execution.
Versions up to and including LibreOffice 3.5.4 are affected; Users are advised to upgrade your software to version 3.5.5 or 3.6.0.
