Smokey's Security Weblog

veritas odium parit

Highly critical vulnerabilities in all OpenOffice versions prior to v2.4.2

According to heise Security, despite the fact that OpenOffice v3.0 is released, many users of the suite of productivity applications may be in a controlled environment, such as a government organisation, and are not able to rapidly migrate to the latest release but are prepared to install updates that do not change functionality. For these users this OpenOffice v2.x highly critical vulnerabilities alert is important, they are advised to upgrade asap to v2.4.2

The vulnerabilities in all OpenOffice versions prior to v2.4.2 are:

1. A security vulnerability with the way OpenOffice 2.x process WMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite.

2. A security vulnerability with the way OpenOffice 2.x process EMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite.

Sources and background information:

WMF security advisory from OpenOffice
EMF security advisory from OpenOffice
heise Security

Advertisements

October 30, 2008 - Posted by | Advisories, Alerts, Downloads, Friends, Malware, Recommended External Security Related Links, Uncategorized, Vulnerabilities | , , , , , , ,

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: