OpenOffice hit by 'highly critical' flaw

Problems dealing with Tiff images could allow remote access

Written by Matt Chapman

vnunet.com, 18 Sep 2007

A 'highly critical' flaw has been discovered in the OpenOffice suite of products that could allow hackers to access a user's system.

The vulnerability is caused by integer overflows when processing certain tags within Tiff images.

This problem could be exploited to cause heap-based buffer overflows, possibly by tricking a user into opening a specially crafted document.

Successful exploitation could allow the execution of arbitrary code and compromise a user's system, according to Secunia, which rated the vulnerability as 'highly critical'.

The vulnerabilities are reported in versions earlier than OpenOffice 2.3 and the problem can be fixed by upgrading to the latest version of the software.

Red Hat has updated its OpenOffice packages to correct the security issue in Red Hat Enterprise Linux versions 3, 4 and 5.

OpenOffice is a free office productivity suite that includes a word processor, spreadsheet, presentation manager, formula editor and drawing program.

See also:

reader comments

related articles

Microsoft

Windows 2000 flaw highlights slow Patch Tuesday

Vista and XP spared from most dangerous vulnerabilities 12 Sep 2007

 

Apple slips security fix into iTunes update

Software exposes users to remote code execution vulnerability 07 Sep 2007

Security flaw hits MSN Messenger

Vulnerability puts users at risk of arbitrary code execution 29 Aug 2007

Security flaw hits Symantec Enterprise Firewall

Similar issues in Cisco and Checkpoint products, NTA Monitor warns 21 Aug 2007

Highly critical flaw found in Microsoft Excel

Vulnerability could be exploited to compromise a user's system 16 Aug 2007

Yahoo Messenger web chat flaw emerges

Chinese security boards reveal new vulnerability 16 Aug 2007

Microsoft

BitDefender issues fix for IE7 printing bug

Vulnerability in the way IE7 parses web pages for printing 23 May 2008

Security

Major security firms caught napping

F-Secure and Trend Micro forced to patch flaws in their own software 24 Oct 2008

Security

OpenOffice users urged to apply security fixes

Patches address a pair of critical flaws 31 Oct 2008

latest news

Exclusive: Bell Micro EMEA confims job cuts

Distributor looking to make cost savings of 10 per cent across the business 21 Nov 2008

Avnet looks forward to 2009

Chief executive Roy Vallee reveals why the distributor is confident of riding out the storm 21 Nov 2008

PC growth forecasts slashed by two-thirds

Market watcher downgrades 2009 PC growth expectations from 11.9 to 4.3 per cent 21 Nov 2008

More news

poll

Securing the future

Securing the future

Does the security channel need a governing body?

Previous poll results

Vendor Q&A Session: Rick Wallis, NEC Computers

Vendor Q&A Session: Rick Wallis, NEC Computers

During this Q&A session Rick Wallis, UK Sales Director at NEC Computers, talks about the firm’s reasons for committing to a 100 per cent channel strategy

In the Studio with CRN: Oracle

CRN TV catches up with Alan Hartwell, vice president of technology solutions and channels at Oracle

More CRN TV

events

Channel Expo 2009 logo

Channel Expo 2009

The UK's top reseller exhibition will return to the NEC on 20 May 2009

More Events

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Advertisement

White papers

Search white papers

Top categories

Primary Navigation