
OpenOffice releases patches for two vulnerabilities

OpenOffice.org, an open-source cross-platform application suite, has issued patches to address two major vulnerabilities that could be remotely exploited to execute arbitrary code.

The fixes take care of a pair of heap-based buffer overflow vulnerabilities involving the processing of WMFs (Windows Metafiles) and EMFs (Enhanced Metafiles), according to two bulletins.

In both cases, the bugs "may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite," the advisories said.

OpenOffice.org said it was not aware of any in-the-wild attack code.

US-CERT, in an alert, recommended users immediately apply the patches.

A September 2007 Sun Microsystems survey of about 200,000 users showed that most respondents -- 41 percent -- use OpenOffice because it is free. Many users deploy the suite for their personal use, while the most active business users work in education/research or IT.

More than 90 percent of the survey's respondents are Windows users.
