Network Security, Vulnerability Management

Apache OpenOffice patches four vulnerabilities in 4.1.4 update

Apache OpenOffice patched four medium vulnerabilities in the suites word processing and graphics apps.

If exploited, an attacker could craft a document that allows reading in a file from the user's filesystem by exploiting the way OpenOffice renders embedded objects, according to an Oct. 27 OpenOffice advisory.

The threat actor could then retrieve information using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker.

The vulnerabilities included an arbitrary file disclosure flaw in Calc and Writer and three out-of-bounds flaws in Writer's WW8Fonts Constructor, Impress' PPT Filter, and Writer's ImportOldFormatStyles, respectively.

The vulnerabilities affected all Apache OpenOffice versions 4.1.3 and older and versions. Users are advised to install Apache OpenOffice 4.1.4 to prevent exploiting of the vulnerabilities.

None of the vulnerabilities, reportedly, have been exploited in the wild. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.