All the latest UK technology news, reviews and analysis

OpenOffice.org patches six security flaws

by Shaun Nichols

More from this author

23 Feb 2010

Comment: 1

  • Tweet this
OpenOffice
The OpenOffice flaws could lead to remote code execution

OpenOffice.org has issued a security update addressing six vulnerabilities, four of which could be exploited for arbitrary code execution. The other two could be used to bypass authentication protection.

The company said that the two authorisation flaws lie in the libxml2 and libxmlsec components, and leave the two libraries unable properly to examine and authorise file signatures.

Further reading

The four remote code execution flaws include vulnerabilities in the handling of XPM and GIF files. OpenOffice.org warned that attackers could target vulnerable systems by embedding the attack files within Open Document Format files.

Another remote code flaw lies in the component used to load Microsoft Word files within OpenOffice.org. The organisation said that attackers could target the flaw with specially crafted Word documents.

The update also fixes a remote code execution vulnerability in the MSVC Runtime component bundled with the suite. OpenOffice.org is not vulnerable to this attack, but the component could be targeted through other applications.

Do you agree?

Add your comment

Nearly two weeks late

The OpenOffice.org patches were released on Feb 11. Really rather old news at this point.

Posted by: Michele 24 Feb 2010

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Open Source

Ubuntu logo

Ubuntu moves onto Android with dual-boot platform

Related white papers

Related articles

Related jobs

Today's top stories

Microsoft Windows 8 start screen

Microsoft turns SkyDrive into cloud computing storage tool for Windows 8

PlayBook BlackBerry 2.0 update from Research in Motion

Research in Motion confirms BlackBerry PlayBook 2.0 software update available

Fujitsu Primergy TX120 S3 review - tower

Fujitsu Primergy TX120 S3 review

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

97%

1%

1%

0%

1%

Features

V3 reporter Dan Worth

World-changing CERN experiments highlight humanity’s intrinsic curiosity

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

testjobpleaseignore (autoupload)

1329899014.71117-2574 testjobpleaseignore (autoupload...

Embedded C, Linux, RTOS, Agile, - Software Engineer - Staines

Embedded C, Linux , RTOS, Agile, MISRA – Embedded...

Software Engineer / Web Developer – Java, JavaScript, SQL

Software Engineer / Web Developer - Java, JavaScript...

C#, Oracle, Winforms, Junior Software Engineer, Central London 25-35k

C# , Oracle , Winforms, Junior Software Engineer – Central...

To send to more than one email address, simply separate each address with a comma.