Open Office patches six flaws

By on
Open Office patches six flaws

Productivity suite gets multiple fixes.

A new security update has been released for open source productivity suite OpenOffice.org.

The latest version of the suite includes fixes for six security vulnerabilities, four of which could potentially be exploited for arbitrary code execution. The other two flaws could potentially be used to bypass authentication protections.

OpenOffice.org said that the two authorisation flaws occurred in the libxml2 and libxmlsec components. The flaws left the two libraries unable to properly examine and authorise file signatures.

Among the four remote code execution flaws were vulnerabilities in the handling or XPM and GIF files. The organisation warned that attackers could potentially target vulnerable systems by embedding the attack files within ODF documents.

Another remote code flaw exists in the component used to load Microsoft Word files within OpenOffice.org. The organisation warned that attackers could target the flaw with specially-crafted Word documents.

Also addressed in the update is a fix for a remote code execution vulnerability in the MSVC Runtime component bundled with the suite. The organisation said that while OpenOffice.org itself was not vulnerable to attack, the component could be targeted through other applications.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
code component execution files flaws security suite

Sponsored Whitepapers

10 questions to ask before you select a Network Performance Management tool
10 questions to ask before you select a Network Performance Management tool
Innovate faster. Why accelerating change is a CIO's biggest challenge.
Innovate faster. Why accelerating change is a CIO's biggest challenge.
Unlock faster time-to-revenue using Adobe digital document processes
Unlock faster time-to-revenue using Adobe digital document processes
How Security as Code changes development and deployment for the cloud
How Security as Code changes development and deployment for the cloud
Tackle new ITSM priorities with this seven-step Micro Focus guide
Tackle new ITSM priorities with this seven-step Micro Focus guide

Events

Most Read Articles

AWS cautions gov against rushing in more cyber security regulations

AWS cautions gov against rushing in more cyber security regulations
Australia Post trials running post office processes on a smartphone

Australia Post trials running post office processes on a smartphone
Telstra 'gamifies' cloud cost reduction efforts among internal teams

Telstra 'gamifies' cloud cost reduction efforts among internal teams
CBA to treat its software like "food in the fridge"

CBA to treat its software like "food in the fridge"

Digital Nation

Expect dramatic value chain disruptions every four years: McKinsey Global Institute
Expect dramatic value chain disruptions every four years: McKinsey Global Institute
COVER STORY: Data centre sustainability scrutiny puts emissions in the spotlight
COVER STORY: Data centre sustainability scrutiny puts emissions in the spotlight
Digital leaders master collaboration, reskilling and culture: Didier Bonnet
Digital leaders master collaboration, reskilling and culture: Didier Bonnet
HR platform consolidation unlocks the value of data at Aurecon
HR platform consolidation unlocks the value of data at Aurecon
Next generation of Digital Giants growing faster than the originals: Ray Wang
Next generation of Digital Giants growing faster than the originals: Ray Wang

Log In

Email:
Password:
  |  Forgot your password?