TCH-Thomas Posted June 30, 2006

Secunia writes:

Description: Some vulnerabilities have been reported in OpenOffice, which can be exploited by malicious people to compromise a user's system.

1) An error exists within the handling of certain Java applets in OpenOffice documents. This can be exploited by malicious Java applets to bypass sandbox restrictions and gain full access to system resources with current user privileges.

2) An error exists within the handling of Macros embedded in documents. This can be exploited to execute arbitrary Basic code with full access to system resources without any user notification, when a malicious document is opened.

3) A boundary error exists within the handling of certain XML documents. This can be exploited to cause a buffer overflow and may allow arbitrary code execution when a specially crafted XML document is opened.

The vulnerabilities have been reported in version 1.1.x and 2.0.x.

Solution: Update to the fixed version or apply patches when available.

OpenOffice 2.0.x: Update to version 2.0.3. http://download.openoffice.org/2.0.3/index.html

OpenOffice 1.1.x: A patch for version 1.1.5 will reportedly be released shortly. The vendor recommends disabling Java Applets as a workaround for vulnerability #1.

Deverill Posted June 30, 2006

Thanks Thomas! New version? You mean we don't have to wait 3-5 weeks for a patch to come out? Oh, yeah, that's right, it's open source - not Microsoft!

Samrc Posted June 30, 2006

Got someone in our office that uses it on a key so let him know to upgrade! Thanks for heads up!

charle97 Posted June 30, 2006

Does this advisory apply to Linux?

Edited June 30, 2006 by charle97

cajunman4life Posted July 1, 2006

Grr, I just compiled OpenOffice on my FreeBSD system a couple days ago to bring it up to 2.0.3rc6... and now rc7 is available. Here's to another 36 hour build

cajunman4life Posted July 2, 2006

DOH! 36 hour build to bring it up to 2.0.3rc7. Re-sync my ports tree. And lookie here... 2.0.3 final. Yet another 36 hour build.

stevevan Posted July 2, 2006

Aaron: Are you using dial-up or an old computer?

Edited July 2, 2006 by stevevan

cajunman4life Posted July 2, 2006

The system in question is a P3/500 with 640MB RAM. While it's old, it's steady and solid. That's why it takes so long.