iTnews
  • Home
  • News
  • Technology
  • Security

Trio of security holes found in OpenOffice

By Shaun Nichols
Mar 23 2007 2:52PM
Follow google news

Open source app becomes a little more like its Microsoft counterpart.

Trio of security holes found in OpenOffice
OpenOffice users have been warned to be vigilant following the disclosure of three vulnerabilities in the popular open source alternative to Microsoft Office. 

Security firm Secunia classified the trio of vulnerabilities as 'highly critical', the company's second-highest alert level. 

The vulnerabilities could be exploited to cause anything from a denial-of-service attack to remote execution of code.

The first vulnerability lies in the StarCalc spreadsheet component of OpenOffice. An attacker could use a specially-crafted StarCalc file to exploit the vulnerability and remotely execute code on a user's system.

Discovery of the vulnerability has been credited to security firm

The second vulnerability, first reported by research firm iDefense, lies in the component of OpenOffice that handles WordPerfect (.wpd) files. 

If a user can be persuaded to open a specially-crafted .wpd file, an exploit could be triggered to allow an attacker to remotely execute malware, according to an iDefense advisory. 

The third vulnerability could allow an attacker to execute arbitrary shell commands within OpenOffice.

Linux developer group Debian said that a user who clicked on a link within a specially-crafted document would be vulnerable to the attack. 

Secunia has urged users to avoid opening suspicious OpenOffice files.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
foundholesinofopenofficesecuritytrio

Related Articles

  • Anthropic releases Mythos-class model for public use Anthropic releases Mythos-class model for public use
  • Apple bumps up security in fresh operating system releases Apple bumps up security in fresh operating system releases
  • Meta accuses NSO Group of violating court order by WhatsApp spear phishing Meta accuses NSO Group of violating court order by WhatsApp spear phishing
  • Researchers build self-replicating AI worm with BYO LLM Researchers build self-replicating AI worm with BYO LLM
Join our WhatsApp Channel

Partner Content

Take control of your connectivity with Telstra’s Adaptive Networks Centre
Partner Content Take control of your connectivity with Telstra’s Adaptive Networks Centre
Onel Consulting Strengthens Its White-Glove Services With Strategic COO Appointment
Promoted Content Onel Consulting Strengthens Its White-Glove Services With Strategic COO Appointment
You meet the security standard. Shame no one can see it
Promoted Content You meet the security standard. Shame no one can see it
AI is delivering business value today
Partner Content AI is delivering business value today

Sponsored Whitepapers

Agile in the AI Era: why projects still fail
Agile in the AI Era: why projects still fail
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
High-volume data sources for AI-driven security analytics
High-volume data sources for AI-driven security analytics
How healthcare organisations can get more value from cloud
How healthcare organisations can get more value from cloud
1 in 3 companies lose SaaS data. Here’s how to prevent it
1 in 3 companies lose SaaS data. Here’s how to prevent it

Events

  • iTnews State of Security Breakfast iTnews State of Security Breakfast
  • iTnews State of Data & AI Breakfast iTnews State of Data & AI Breakfast
  • The 2026 iAwards The 2026 iAwards
  • Integrate 2026 Integrate 2026
  • Security Exhibition & Conference Security Exhibition & Conference
Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Anthropic opens Claude Mythos Preview AI program to Australia

Anthropic opens Claude Mythos Preview AI program to Australia
Defence says Palantir is "sandboxed" in its environment

Defence says Palantir is "sandboxed" in its environment
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
Researchers build self-replicating AI worm with BYO LLM

Researchers build self-replicating AI worm with BYO LLM
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.