OpenOffice patches 'highly critical' flaw

By Richard Thurston, ZDNet UK
Monday, January 08, 2007 12:19 PM

OpenOffice.org has patched a critical vulnerability in the open-source application suite.

The vulnerability concerns the way OpenOffice handles images in the WMF graphics file format. Exploitation of the vulnerability, which affects all but the newest version of OpenOffice, can enable a hacker to perform a buffer overflow and then introduce malicious code to the victim's PC.

Security adviser Secunia rates the vulnerability as "highly critical" and has urged people to patch their systems.

OpenOffice has uploaded the patch to its Web site. People must manually install the file in place of its vulnerable predecessor or upgrade to the latest version of the software, OpenOffice 2.1. Open-source suppliers such as Red Hat have released their own patches.

OpenOffice has become increasingly popular as a free alternative to Microsoft's Office suite. It contains all the standard business applications, including word processing, database and spreadsheet programs.

Although this is the first WMF vulnerability known to exist in OpenOffice, such flaws have been plaguing Windows for some time.

In early 2006, Microsoft acknowledged a critical weakness in the way Windows renders WMF files, leading to the company releasing patches out of cycle. The U.K. parliament was attacked at the time via the vulnerability.


WORTHWHILE?

0

0 votes
Blog

Talkback 0 comments

There are currently no comments for this post.


Tech Jobs Now!

Search for your ideal tech job:

News from Countries/Region

Common ways IT wastes money on development

Web Development

Examples include using developers as support staff and failing to calculate a project's ROI before giving it the go-ahead.


Read more »



  • Enterprise 2.0

    Vince Casarez, vice president of product management at Oracle, explains how Web 2.0 technologies, such as tags, wikis, and mash-ups, can be applied within an organization.
    Play video


  • Nehalem Architecture

    What makes next-generation Intel® Microarchitecture (Nehalem) such a superior successor?
    Play video

 
On demand CRM goes strategic
CRM technology has come of age, and is now able to align with your customer strategy and grow in step with your business.

» Learn more about Oracle’s CRM Solutions


Free the untapped potential of your IT infrastructure
Reduce bottlenecks to drive the efficiency and productivity of Business IT.
» Ultimate virtualization blade
» Scalable SAN solution
» Accelerate service delivery

Could this be the most critical budget for India?

Blog thumbnail

For business journalists in India, budget time is excitement time. It's like sports journos covering the Olympics. As a newspaper correspondent, I too had my fill of budget-time excitement. But..... by Swati Prasad

Read more »

Tags

  1. attack
  2. bank
  3. blog
  4. data security
  5. e - mail
  6. hacking
  7. internet
  8. malware
  9. microsoft corp.
  10. network
  11. network security
  12. pc security
  13. researcher
  14. security
  15. security management
  16. software
  17. spam and phishing
  18. u.s.
  19. viruses and worms
  20. web