Security experts have discovered TIFF-based buffer overflow vulnerabilities in OpenOffice, which could allow attackers to remotely execute code on Linux, Windows or Apple Mac-based computers.
OpenOffice versions 2.0.4 and prior are vulnerable to a maliciously crafted TIFF file, which could be delivered in an e-mail attachment, published on a Web site or shared using P2P software. The next version of OpenOffice (version 2.3) arrived on 17 September and is not affected by the flaw.
The vulnerability was discovered by researchers at iDefense, who claim that the OpenOffice TIFF parsing code is flawed.
"At this stage, it's only confirmed on Linux," said Baumhoff.