iTnews
  • Home
  • News
  • Technology
  • Security

Open Office patches six flaws

By Shaun Nichols on Feb 25, 2010 8:53AM
Open Office patches six flaws

Productivity suite gets multiple fixes.

A new security update has been released for open source productivity suite OpenOffice.org.

The latest version of the suite includes fixes for six security vulnerabilities, four of which could potentially be exploited for arbitrary code execution. The other two flaws could potentially be used to bypass authentication protections.

OpenOffice.org said that the two authorisation flaws occurred in the libxml2 and libxmlsec components. The flaws left the two libraries unable to properly examine and authorise file signatures.

Among the four remote code execution flaws were vulnerabilities in the handling or XPM and GIF files. The organisation warned that attackers could potentially target vulnerable systems by embedding the attack files within ODF documents.

Another remote code flaw exists in the component used to load Microsoft Word files within OpenOffice.org. The organisation warned that attackers could target the flaw with specially-crafted Word documents.

Also addressed in the update is a fix for a remote code execution vulnerability in the MSVC Runtime component bundled with the suite. The organisation said that while OpenOffice.org itself was not vulnerable to attack, the component could be targeted through other applications.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
codecomponentexecutionfilesflawssecuritysuite

Partner Content

How to turn digital complexity into competitive advantage
Promoted Content How to turn digital complexity into competitive advantage
Winning strategies for complaints and disputes management in financial services
Promoted Content Winning strategies for complaints and disputes management in financial services
Digital signatures propel Australian Unity with rapid time to value
Digital signatures propel Australian Unity with rapid time to value
Avoiding CAPEX by making on-premise IT more cloud-like
Promoted Content Avoiding CAPEX by making on-premise IT more cloud-like

Sponsored Whitepapers

Free eBook: Digital Transformation 101 – for banks
Free eBook: Digital Transformation 101 – for banks
Why financial services need to tackle their Middle Office
Why financial services need to tackle their Middle Office
Learn: The latest way to transfer files between customers
Learn: The latest way to transfer files between customers
Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see

Events

  • Forrester Technology & Innovation Asia Pacific 2022
By Shaun Nichols
Feb 25 2010
8:53AM
0 Comments

Related Articles

  • Don't miss Australia’s premiere IoT Conference on 9th June
  • 5 essential digital transformation ideas
  • Top 5 Benefits of Managed IT Services
  • ASIC moves to shut some recourse avenues for scam victims
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Services Australia sets changeover date for myGov

Services Australia sets changeover date for myGov
NSW Police dumps Bezos-backed Mark43 from core systems overhaul

NSW Police dumps Bezos-backed Mark43 from core systems overhaul
Australian court finds insurer not liable for ransomware clean-up costs

Australian court finds insurer not liable for ransomware clean-up costs
NBN Co proposes to axe CVC across all plans by mid-2026

NBN Co proposes to axe CVC across all plans by mid-2026

Digital Nation

Australia will lose 11 percent of jobs to automation by 2040: Forrester
Australia will lose 11 percent of jobs to automation by 2040: Forrester
Metaverses on the agenda for Dominello, Husic ministerial meeting
Metaverses on the agenda for Dominello, Husic ministerial meeting
COVER STORY: How KPMG, Mirvac and ASX use blockchain to build trust in the property sector
COVER STORY: How KPMG, Mirvac and ASX use blockchain to build trust in the property sector
Domino’s invests in observability for zero contact delivery
Domino’s invests in observability for zero contact delivery
Criteo to fork out $94.7m for consent breaches
Criteo to fork out $94.7m for consent breaches
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.