OpenOffice
It is thought that no working exploit for the flaws exists in the wild

OpenOffice users urged to apply security fixes

Patches address a pair of critical flaws

Shaun Nichols in San Francisco

vnunet.com, 31 Oct 2008

A pair of security fixes have been posted for OpenOffice.

Users are being urged to install both updates, which address flaws in the open-source productivity suite that could be used by an attacker to remotely execute code on targeted systems.

Advertisement

Both vulnerabilities affect all versions of OpenOffice prior to the 2.4.2 release. The recently-unveiled OpenOffice 3.0 release is not believed to be at risk from either vulnerability.

The flaws centre on the way OpenOffice handles certain file types. An attacker could use a specially-crafted WMF or EMF file to cause a heap overflow error that would then leave the attacker able to execute malicious code on the targeted system.

No working exploit for either vulnerability is thought to exist in the wild. Credit for the discovery of both flaws was given to an anonymous researcher operating out of Chinese security firm SureRun.

The French Security Incident Response Team (FrSIRT) has rated both flaws as critical, the highest of its four alert levels. Both FrSIRT and the US Computer Emergency Response Team are advising users to update their copies of OpenOffice to remove the vulnerabilities.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Do you agree?

Have your say on this article

Further reading

OpenOffice logo

Demand outstrips supply for OpenOffice

Web site stutters under demand

Microsoft joins open standards group

Company will push for open messaging platform

OpenOffice 3.0 hits the web

Latest version offers new challenge to Microsoft

Related whitepapers

Related jobs

Most watched

Summit: Views From the Valley

V3.co.uk's US office weighs in on the information overload crisis

John Chambers speaks on collaboration

Cisco boss talks up new offerings

More video

Analysis and Reports

Remote access - Three steps to getting connected

3.4 million UK professionals now work from home – is your company equipped?

Cost benefits of a global collaboration network

This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications

Poll

Impact of Information Overload poll

Impact of Information Overload poll

What is the biggest problem your firm faces as a result of the data explosion?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

  • More available - 'submit' to view

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

deloitte

Summit interview: Deloitte discusses security implications of the data deluge

We chat to Mike Maddison, UK head of Security, Privacy...

ibm logo

IBM boosts mobile shopping with WebSphere Commerce

Update designed to give mobile users a richer, more personalised...

Summit: Intel discusses processors for data overload (part 2 of 2)

More thoughts on how servers can help manage overload

chrome logo

Google plans a Mac version of Chrome

A Mac-friendly version of the browser is in the pipeline

Primary Navigation