Jump to content
TCH-Thomas

Openoffice Multiple Vulnerabilities

Recommended Posts

Secunia writes:

Description:

Some vulnerabilities have been reported in OpenOffice, which can be exploited by malicious people to compromise a user's system.

 

1) An error exists within the handling of certain Java applets in OpenOffice documents. This can exploited by malicious Java applets to bypass sandbox restrictions and gain full access to system resources with current user privileges.

 

2) An error exists within the handling of Macros embedded in documents. This can be exploited to execute arbitrary Basic code with full access to system resources without any user notification, when a malicious document is opened.

 

3) A boundary error exists within the handling of certain XML documents. This can be exploited to cause a buffer overflow and may allow arbitrary code execution when a specially crafted XML document is opened.

 

The vulnerabilities have been reported in version 1.1.x and 2.0.x.

 

Solution:

Update to the fixed version or apply patches when available.

 

OpenOffice 2.0.x:

Update to version 2.0.3.

http://download.openoffice.org/2.0.3/index.html

 

OpenOffice 1.1.x:

A patch for version 1.1.5 will reportedly be released shortly. The vendor recommends disabling Java Applets as a workaround for vulnerability #1.

Share this post


Link to post
Share on other sites

Thanks Thomas!

 

New version? You mean we don't have to wait 3-5 weeks for a patch to come out? Oh, yeah, that's right, it's open source - not Microsoft! :)

Share this post


Link to post
Share on other sites

Got someone in our office that uses it on a key so let him know to upgrade!

Thanks for heads up!

Share this post


Link to post
Share on other sites

Thanks, Thomas!!

Share this post


Link to post
Share on other sites

Grr, I just compiled OpenOffice on my FreeBSD system a couple days ago to bring it up to 2.0.3rc6... and now rc7 is available. Here's to another 36 hour build :)

Share this post


Link to post
Share on other sites

DOH! 36 hour build to bring it up to 2.0.3rc7. Re-sync my ports tree. And lookie here... 2.0.3 final. Yet another 36 hour build.

Share this post


Link to post
Share on other sites

Aaron: Are you using dial-up or an old computer?

Edited by stevevan

Share this post


Link to post
Share on other sites

The system in question is a P3/500 with 640MB RAM. While it's old, it's steady and solid. That's why it takes so long.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...