The OpenOffice.org community on Tuesday confirmed the existence of a potentially serious heap-overflow vulnerability in its freely distributed office productivity suite.
The flaw affects OpenOffice Version 1.1.4 and prior and OpenOffice Version 2.0-dev and prior, and could put users at risk of code execution attacks.
OpenOffice.org community manager Louis Suarez-Potts confirmed that the vulnerability was discovered in the “StgCompObjStream::Load()” function and occurs when handling a specially crafted “.doc” file.
Attackers could potentially exploit the flaw to compromise a vulnerable system by convincing a user to open a malicious document with an unpatched application.
“We learned of this March 31 and will be working on it immediately. A patch is ready but it is still going through [quality assurance] testing,” Suarez-Potts told eWEEK.com. The update is expected to be available for general download within two days.
The OpenOffice.org office productivity suite is compatible with Microsoft Office files and includes a word processor, spreadsheet, presentation graphics and drawing program, and provides access to popular databases.
OpenOffice.org is based on the code from an older version of StarOffice that was acquired and made open source by Sun Microsystems Inc.


