OpenOffice plugs code execution vulnerability

Summary:OpenOffice.org has patched a highly critical code execution vulnerability that could allow an attacker to take control of a system.

OpenOffice.org has patched a highly critical code execution vulnerability that could allow an attacker to take control of a system.

Every OpenOffice release prior to 2.3.1 is affected. According to OpenOffice, "users opening specially crafted database documents may allow attackers to execute arbitrary static Java code."

OpenOffice.org notes that "there are no predictable symptoms that would indicate this issue occurred." Secunia adds:

The vulnerability is caused due to an unspecified error in the HSQLDB database engine and can be exploited to execute arbitrary static Java code via a specially crafted database document.

Bottom line: If you're running any version other than OpenOffice.org 2.3.1 you should upgrade. You can download the new version at OpenOffice.org.

Topics: Software, Collaboration, Data Centers, Data Management, Enterprise Software, Security

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.