[ news_security_news ]
OpenOffice Requires An Update
David Utter
Staff Writer
2006-06-30
 Insider Reports RSS Feed
Multiple vulnerabilities have been reported with the freely available OpenOffice productivity suite, requiring an update to a later incremental version or a patch depending on the version in use.
Users of OpenOffice version 2.0.x can go ahead and upgrade to 2.0.3 to bypass the vulnerabilities reported on the Secunia advisory site. Those who use 1.1.x will have to wait for a patch for 1.1.5 to be released shortly.
The Secunia advisory rated the issues with OpenOffice as "moderately critical." That generally means a service vulnerability or a Denial of Service condition could be exploited remotely, but requires local user interaction to do so.
A trio of issues has prompted the advisory and the resulting action by OpenOffice developers to update the software. Improperly handled Java applets could bypass the OpenOffice sandbox and gain access to resources at the local user's level of permission.
Macros pose a problem as they could run without warning a user when a document would be opened. A malicious document could attack the flaw and execute arbitrary code without warning the user a macro had executed on opening the document.
XML documents could be crafted in a way that their handling would take advantage of a boundary error. An exploit of that condition could trigger a buffer overflow, and the execution of arbitrary code.
---
Tag: OpenOffice
Add to  Del.icio.us |  Digg |  Yahoo! My Web |  Furl
Get all the updates in RSS: 
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
