OpenOffice.org patches six security flaws

The OpenOffice flaws could lead to remote code execution

OpenOffice.org has issued a security update addressing six vulnerabilities, four of which could be exploited for arbitrary code execution. The other two could be used to bypass authentication protection.

The company said that the two authorisation flaws lie in the libxml2 and libxmlsec components, and leave the two libraries unable properly to examine and authorise file signatures.

The four remote code execution flaws include vulnerabilities in the handling of XPM and GIF files. OpenOffice.org warned that attackers could target vulnerable systems by embedding the attack files within Open Document Format files.

Another remote code flaw lies in the component used to load Microsoft Word files within OpenOffice.org. The organisation said that attackers could target the flaw with specially crafted Word documents.

The update also fixes a remote code execution vulnerability in the MSVC Runtime component bundled with the suite. OpenOffice.org is not vulnerable to this attack, but the component could be targeted through other applications.