OpenOffice releases patches for two vulnerabilities

By on

The open-source alternative to Microsoft Office has released patches to rectify two critical flaws.

OpenOffice.org, an open-source cross-platform application suite, has issued patches to address two major vulnerabilities that could be remotely exploited to execute arbitrary code.

The fixes take care of a pair of heap-based buffer overflow vulnerabilities involving the processing of WMFs (Windows Metafiles) and EMFs (Enhanced Metafiles), according to two bulletins

In both cases, the bugs "may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite," the advisories said.

OpenOffice.org said it was not aware of any in-the-wild attack code.

US-CERT, in an alert, recommended users immediately apply the patches.

A September 2007 Sun Microsystems survey of about 200,000 users showed that most respondents -- 41 percent -- use OpenOffice because it is free. Many users deploy the suite for their personal use, while the most active business users work in education/research or IT.

More than 90 percent of the survey's respondents are Windows users.

See original article on scmagazineus.com
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?