Language Selection

English French German Italian Portuguese Spanish

OpenOffice Confirms Buffer Overflow Flaw

Filed under
Security

The OpenOffice.org community on Tuesday confirmed the existence of a potentially serious heap-overflow vulnerability in its freely distributed office productivity suite.

The flaw affects OpenOffice Version 1.1.4 and prior and OpenOffice Version 2.0-dev and prior and could put users at risk of code execution attacks.

OpenOffice.org community manager Louis Suarez-Potts confirmed that the vulnerability was discovered in the "StgCompObjStream::Load()" function and occurs when handling a specially crafted ".doc" file.

This could potentially be exploited by attackers to compromise a vulnerable system by convincing a user to open a malicious document with an unpatched application.

"We learned of this March 31 and will be working on it immediately. A patch is ready but it is still going through [quality assurance] testing," Suarez-Potts told eWEEK.com. The update is expected to be available for general download within two days.

Full Story.

More in Tux Machines

Ardour 4.0 released

The Ardour project is pleased to announce the release of Ardour 4.0. This release brings many technical improvements, as well as new features and over a thousand bug fixes. The biggest changes in this release: Better cross platform support. Ardour now runs on GNU/Linux, OS X and for the first time, Windows. JACK is no longer required, making it easier than ever for new users to get Ardour up and running (though JACK is still usable with Ardour). The user interface has seen a thorough overhaul, leading to a more modern and polished experience. Read more

Android Leftovers

today's howtos

Leftovers: Software