The last time I used OpenOffice was back in 2002 when I was undergoing my Red Hat Certified Engineer course. Here was a free open source software that could read MS Word and Excel files. Excellent indeed albeit the occasional table errors in certain Excel documents. Now take note if you are still using old OpenOffice.org versions 1.1.x, and 2.0.x on your PCs as 3 vulnerabilities are in existence.
1. Maliciously crafted Java applets can break out of the sandbox - the security mechanism that runs untrusted code - in OpenOffice.org versions 1.1.x, and 2.0.x, the company said in a bulletin. This could give the malware full access to systems, allowing it to read or send private data, and destroy or replace files.
2.The second hole enables hackers to inject executable code into OpenOffice documents using a macro, which runs when that document is opened. The user is not asked or notified, and the macro has full access to system resources with current user's privileges, again enabling it to read or send private data, and destroy or replace files.
3. A buffer overflow vulnerability has also been discovered, by Wade Alcorn of NGSSoftware. The buffer overflow can cause a memory overload and program crash which enables a hacker to attack the affected system.
OpenOffice has urged all users of 2.0.x prior to 2.0.2 to upgrade to OpenOffice.org 2.0.3. The vulnerabilities also affect StarOffice 6.x, 7.x, and 8.x. and StarSuite 7.x and 8.x, according to security company Secunia. StarOffice and StarSuite are Sun's commercial office software offerings, based on the same code as the OpenOffice suite. Patches are available for StarOffice and StarSuite versions 7.x and 8.x.
Comment Preview