Sign up for the Security newsletter

OpenOffice tackles "highly critical" hole

Urges users to patch or upgrade...

By Richard Thurston on 8 January 2007 10:32

NEWS

OpenOffice.org has patched a critical vulnerability in the open source application suite.

The vulnerability concerns the way OpenOffice handles '.wmf' images. Exploitation of the vulnerability, which affects all but the newest version of OpenOffice, can enable a hacker to perform a buffer overflow and then introduce malicious code to the victim's PC.

Security advisor Secunia rates the vulnerability as "highly critical", and has urged users to patch their systems.

OpenOffice has uploaded the patch to its website. Users must manually install the file in place of its vulnerable predecessor, or upgrade to the latest version of the software, OpenOffice 2.1. Open source suppliers such as Red Hat have followed suit by releasing their own patches.

OpenOffice has become increasingly popular as a free alternative to Microsoft's Office suite. It contains all the standard business applications, including word processing, database and spreadsheet programmes.

Although this is the first '.wmf' vulnerability to hit OpenOffice, such flaws have previously affected Windows.

In early 2006, Microsoft acknowledged a critical weakness in the way Windows renders '.wmf' files, leading to the company releasing patches out of cycle. The UK parliament was attacked at the time using the vulnerability.

Richard Thurston writes for ZDNet UK

Comments

There are 3 comments. Join the discussion

  1. 1. Reader

    Can you post the URL where this patch can be downloaded - having spent 10 minutes searching their website I still can't find it.

    • 9 January 2007 10:32
    • Add comment

  2. 2. Chris Wynne

    This article seems to refer to a patch, albeit refered to by a security company not necessarily OOo. No such patch seems evident that I can find, and although 2.1 is quite recent, I would have thought that OOo would have made a patch available for existing systems prior to 2.1

    Anyone know where it might be???

    • 10 January 2007 08:18
    • Add comment

  3. 3. Jeremy Perkins

    Well according to the article OpenOffice have made a patch available, so silicon.com must know where it is, or at least whoever wrote the article must know where it is and/or how to get it.

    Can Richard Thurston therefore please tell us where it is, or if he didn't write the article can he ask whoever did write the article for him.

    • 10 January 2007 18:32
    • Add comment

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your silicon.com account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy.

Questions about membership? Find the answers in the Membership FAQ

Get silicon.com's daily newsletter

  • Register on silicon.com

    Enter your email to register

Keep in touch with silicon.com

silicon.com newsletters