All the latest UK technology news, reviews and analysis

Trio of security holes found in OpenOffice

by Shaun Nichols

22 Mar 2007

Comment: 1

  • Tweet this
OpenOffice
OpenOffice has been hit by a trio of 'highly critical' vulnerabilities

OpenOffice users have been warned to be vigilant following the disclosure of three vulnerabilities in the popular open source alternative to Microsoft Office

Security firm Secunia classified the trio of vulnerabilities as 'highly critical', the company's second-highest alert level. 

The vulnerabilities could be exploited to cause anything from a denial-of-service attack to remote execution of code.

The first vulnerability lies in the StarCalc spreadsheet component of OpenOffice. An attacker could use a specially-crafted StarCalc file to exploit the vulnerability and remotely execute code on a user's system.

Discovery of the vulnerability has been credited to security firm Next Generation Security Software

The second vulnerability, first reported by research firm iDefense, lies in the component of OpenOffice that handles WordPerfect (.wpd) files. 

If a user can be persuaded to open a specially-crafted .wpd file, an exploit could be triggered to allow an attacker to remotely execute malware, according to an iDefense advisory

The third vulnerability could allow an attacker to execute arbitrary shell commands within OpenOffice.

Linux developer group Debian said that a user who clicked on a link within a specially-crafted document would be vulnerable to the attack

Secunia has urged users to avoid opening suspicious OpenOffice files.

Do you agree?

Add your comment

Already fixed

Is this even notable? Honestly, open source security holes are a joke to fix. Not only has this problem been resolved by the time I post this, but that update is already available to everyone everywhere. Nobody should be opening suspicious attachments anyways. It's just "common" sense.

Posted by: Sy Ali 29 Mar 2007

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Open Source

Android and Java logos

Oracle dealt critical blow in Android case as judge dismisses Java copyright claim

Related white papers

Related articles

Related jobs

Today's top stories

Olympics

Top 10 steps businesses can take to prepare for the Olympics

amazon-kindle-touch-e-book-reader

Amazon Kindle Touch review

London Underground train going into tunnel

Virgin reveals 82 London Underground stations to receive Wi-Fi

Poll

Flame virus poll

Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?

34%

1%

11%

54%

Features

V3's Madeline Bennett

It's time to change tax system to bring technology manufacturing back to the UK

The V3 hotseat

The V3 Hot Seat: Imperva CTO and co-founder Amichai Shulman

Flame in monitor screen

Quick guide to Flame malware attack

cookies

Quick guide to cookie law compliance

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Symanteccloud

Social networking: a guide for IT managers

Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them

Riverbed

Mitigating the risks of IT change

The importance of understanding your infrastructure

Technology jobs

Credit Risk Modeller, SAS, London, £50,000

Credit Risk Modeller, SAS, London, £50,000 Title- Credit...

Global Project/Programme Manager-with recruitment deployment experienc

My London client is looking for an experienced Programme...

PHP Developers (All Levels)

My leading client is looking for a number of excellent...

Group Services Manager - Telecoms

My client, a leading international name in Manufacturing...

To send to more than one email address, simply separate each address with a comma.