OpenOffice releases patches for two vulnerabilities
OpenOffice.org, an open-source cross-platform application suite, has issued patches to address two major vulnerabilities that could be remotely exploited to execute arbitrary code.The fixes take care of a pair of heap-based buffer overflow vulnerabilities involving the processing of WMFs (Windows Metafiles) and EMFs (Enhanced Metafiles), according to two bulletins.
In both cases, the bugs "may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite," the advisories said.
OpenOffice.org said it was not aware of any in-the-wild attack code.
US-CERT, in an alert, recommended users immediately apply the patches.
A September 2007 Sun Microsystems survey of about 200,000 users showed that most respondents -- 41 percent -- use OpenOffice because it is free. Many users deploy the suite for their personal use, while the most active business users work in education/research or IT.
More than 90 percent of the survey's respondents are Windows users.
