Trio of security holes found in OpenOffice

By
Follow google news

Open source app becomes a little more like its Microsoft counterpart.

Trio of security holes found in OpenOffice
OpenOffice users have been warned to be vigilant following the disclosure of three vulnerabilities in the popular open source alternative to Microsoft Office. 

Security firm Secunia classified the trio of vulnerabilities as 'highly critical', the company's second-highest alert level. 

The vulnerabilities could be exploited to cause anything from a denial-of-service attack to remote execution of code.

The first vulnerability lies in the StarCalc spreadsheet component of OpenOffice. An attacker could use a specially-crafted StarCalc file to exploit the vulnerability and remotely execute code on a user's system.

Discovery of the vulnerability has been credited to security firm

The second vulnerability, first reported by research firm iDefense, lies in the component of OpenOffice that handles WordPerfect (.wpd) files. 

If a user can be persuaded to open a specially-crafted .wpd file, an exploit could be triggered to allow an attacker to remotely execute malware, according to an iDefense advisory

The third vulnerability could allow an attacker to execute arbitrary shell commands within OpenOffice.

Linux developer group Debian said that a user who clicked on a link within a specially-crafted document would be vulnerable to the attack. 

Secunia has urged users to avoid opening suspicious OpenOffice files.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
foundholesinofopenofficesecuritytrio

Sponsored Whitepapers

Innovate anywhere with HPE and Azure Local
Innovate anywhere with HPE and Azure Local
Cloud Covered Report: New Zealand
Cloud Covered Report: New Zealand
How healthcare organisations can get more value from cloud
How healthcare organisations can get more value from cloud
The governed agent: A new framework for responsible AI at scale
The governed agent: A new framework for responsible AI at scale
Securing Machinery of Government changes
Securing Machinery of Government changes

Events

Most Read Articles

ASD to retire Essential Eight cyber security framework within next two years

ASD to retire Essential Eight cyber security framework within next two years
Fake IT worker threat spreads outside tech sector in Australia

Fake IT worker threat spreads outside tech sector in Australia
NAB's SecOps rethink focuses on data expert and dev hires

NAB's SecOps rethink focuses on data expert and dev hires
NAB builds integrated ops hub for threat intelligence

NAB builds integrated ops hub for threat intelligence
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?