'Highly critical' bug bites OpenOffice

Summary:OpenOffice.org has shipped a fix for a "highly critical" vulnerability affecting versions 2.

‘Highly critical’ bug bites OpenOffice
OpenOffice.org has shipped a fix for a "highly critical" vulnerability affecting versions 2.0 to 2.4 of its open-source desktop productivity suite.

According to an advisory from Secunia, the flaw could be exploited to launch code execution attacks with manipulated document files.

From the OpenOffice.org warning:

A security vulnerability in the custom memory allocation function from OpenOffice.org may lead to heap overflows and allow a remote unprivileged user who provides a OpenOffice.org document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running OpenOffice.org. No working exploit is known right now.

Secunia says the vulnerability is caused due to an integer overflow error in "rtl_allocateMemory()" and can be exploited to cause heap-based buffer overflows via a specially crafted document.

ALSO SEE: Sun patchvertising OpenOffice with Java update

Topics: Enterprise Software, Collaboration


Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.