The fixes take care of a pair of heap-based buffer overflow vulnerabilities involving the processing of WMFs (Windows Metafiles) and EMFs (Enhanced Metafiles), according to two bulletins
In both cases, the bugs "may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite," the advisories said.
OpenOffice.org said it was not aware of any in-the-wild attack code.
US-CERT, in an alert, recommended users immediately apply the patches.
A September 2007 Sun Microsystems survey of about 200,000 users showed that most respondents -- 41 percent -- use OpenOffice because it is free. Many users deploy the suite for their personal use, while the most active business users work in education/research or IT.
More than 90 percent of the survey's respondents are Windows users.
See original article on scmagazineus.com
_(23).jpg&h=140&w=231&c=1&s=0)
_(20).jpg&h=140&w=231&c=1&s=0)
_(28).jpg&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
iTnews Benchmark Awards 2026
iTnews Cloud Covered Breakfast Summit
The 2026 iAwards
_(1).jpg&h=140&w=231&c=1&s=0)
