OpenOffice.org has issued a security update addressing six vulnerabilities, four of which could be exploited for arbitrary code execution. The other two could be used to bypass authentication protection.
The company said that the two authorisation flaws lie in the libxml2 and libxmlsec components, and leave the two libraries unable properly to examine and authorise file signatures.
The four remote code execution flaws include vulnerabilities in the handling of XPM and GIF files. OpenOffice.org warned that attackers could target vulnerable systems by embedding the attack files within Open Document Format files.
Another remote code flaw lies in the component used to load Microsoft Word files within OpenOffice.org. The organisation said that attackers could target the flaw with specially crafted Word documents.
The update also fixes a remote code execution vulnerability in the MSVC Runtime component bundled with the suite. OpenOffice.org is not vulnerable to this attack, but the component could be targeted through other applications.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago