Open Office patches six flaws

By Shaun Nichols on Feb 24, 2010 9:24 AM
Filed under Security

Productivity suite gets multiple fixes.

A new security update has been released for open source productivity suite OpenOffice.org.

The latest version of the suite includes fixes for six security vulnerabilities, four of which could potentially be exploited for arbitrary code execution. The other two flaws could potentially be used to bypass authentication protections.

OpenOffice.org said that the two authorisation flaws occurred in the libxml2 and libxmlsec components. The flaws left the two libraries unable to properly examine and authorise file signatures.

Among the four remote code execution flaws were vulnerabilities in the handling or XPM and GIF files. The organisation warned that attackers could potentially target vulnerable systems by embedding the attack files within ODF documents.

Another remote code flaw exists in the component used to load Microsoft Word files within OpenOffice.org. The organisation warned that attackers could target the flaw with specially-crafted Word documents.

Also addressed in the update is a fix for a remote code execution vulnerability in the MSVC Runtime component bundled with the suite. The organisation said that while OpenOffice.org itself was not vulnerable to attack, the component could be targeted through other applications.

 
Follow us on Facebook and Twitter
 

Copyright ©v3.co.uk

Open Office patches six flaws
 
 
 
 
 
Top Stories
Dicker Data pulling in $100 million a month
Beats sales projections in first quarter.
 
Evernote finds new allies in Aussie business push
Certifies first Australian consultants as local users reach 2 million.
 
Adelaide ISV rebrands after cracking $2m
Meet the new Adelaide Interim.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
Is Microsoft right to limit the reseller channel for Surface?

Latest Comments
CRN Magazine

Issue: 332 | October 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.