OpenOffice plugs code execution vulnerability

OpenOffice plugs code execution vulnerability

Summary: OpenOffice.org has patched a highly critical code execution vulnerability that could allow an attacker to take control of a system.

SHARE:

OpenOffice.org has patched a highly critical code execution vulnerability that could allow an attacker to take control of a system.

Every OpenOffice release prior to 2.3.1 is affected. According to OpenOffice, "users opening specially crafted database documents may allow attackers to execute arbitrary static Java code."

OpenOffice.org notes that "there are no predictable symptoms that would indicate this issue occurred." Secunia adds:

The vulnerability is caused due to an unspecified error in the HSQLDB database engine and can be exploited to execute arbitrary static Java code via a specially crafted database document.

Bottom line: If you're running any version other than OpenOffice.org 2.3.1 you should upgrade. You can download the new version at OpenOffice.org.

Topics: Software, Collaboration, Data Centers, Data Management, Enterprise Software, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • Not black and white

    [i]Bottom line: If you?re running any version other than OpenOffice.org 2.3.1 you should upgrade.[/i]

    ... assuming that HSQLDB is installed, which isn't by any means certain. For those of us who don't use it, the bug is a non-issue.
    Yagotta B. Kidding
  • RE: OpenOffice plugs code execution vulnerability

    "[i]Every OpenOffice release [u]prior[/u] to 2.3.1[/i] ....

    and ?
    Dr-T
    • Not everyone upgrades

      Even setting cost aside, organizations standardize on specific versions, and not everyone can or will run the "latest".

      Bugs in legacy versions of office suites are very serious, and they need to be fixed IN THE OLD VERSION.
      KTLA
  • NeoOffice

    Lets hope that NeoOffice responds to this quickly, I have filled this in their bugzilla setup: http://bugzilla.neooffice.org/bug.php?op=show&bugid=2793&pos=0

    - John Musbach
    John Musbach