Friday, June 30, 2006

Open Office Vulnerability

The new version of OpenOffice.org, 2.0.3, corrects
three vulnerabilities. Although no attacks exploiting these
vulnerabilities have yet been detected, users of this office suite are
advised to install the new version as soon as possible.

The first of these flaws could allow certain Java applets to break
through the "sandbox" and therefore have full access to system resources
with the current user's privileges. The malicious applets could, among other
things, modify or destroy files and read or send private data.

The second problem corrected is the possibility of injecting macro code
into documents, which is then executed transparently when the document is
opened, without notifying or consulting the user. The security
consequences are similar to those of the first vulnerability.

Finally, a vulnerability has been corrected in the processing of XML
documents that could cause a buffer overflow. Exploiting this problem
could lead to the application blocking and, possibly, command execution
in the context of the current user.

All the vulnerabilities affect OpenOffice.org 1.1.5 and 2.0.x. In the
latter case, users are advised to update to OpenOffice 2.0.3, while
patches are due to be released shortly for version 1.1.5.

More information is available in the security bulletin at:
http://www.openoffice.org/