/>
X

OpenOffice hit by 'highly critical' vulnerability

WMF flaw allows hackers to attack open-source users, who should upgrade or patch
zd-defaultauthor-richard-thurston.jpg
Written by Richard Thurston on

OpenOffice.org has patched a critical vulnerability in the open-source application suite.

The vulnerability concerns the way OpenOffice handles .wmf images. Exploitation of the vulnerability, which affects all but the newest version of OpenOffice, can enable a hacker to perform a buffer overflow and then introduce malicious code to the victim's PC.

Security advisor Secunia rates the vulnerability as "highly critical", and it has urged users to patch their systems.

OpenOffice has uploaded the patch to its website. Users must manually install the file in place of its vulnerable predecessor, or upgrade to the latest version of the software, OpenOffice 2.1. Open-source suppliers such as Red Hat have followed suit by releasing their own patches.

OpenOffice has become increasingly popular as a free alternative to Microsoft's Office suite. It contains all the standard business applications, including word processing, database and spreadsheet programmes.

Although this is the first .wmf vulnerability to hit OpenOffice, such flaws have been a thorn in the side for Windows.

In early 2006, Microsoft acknowledged a critical weakness in the way Windows renders .wmf files, leading to the company releasing patches out of cycle. The UK parliament was attacked at the time using the vulnerability.

Related

This stuff is better than compressed air for cleaning your dirty tech
img-6864

This stuff is better than compressed air for cleaning your dirty tech

Office Hardware & Appliances
Google looks to reduce pushback bias in developers' software code review
close up programmer man hand typing on keyboard at computer desktop for input coding language to software for fix bug and defect of system in operation room , technology concept

Google looks to reduce pushback bias in developers' software code review

Developer
Linus Torvalds is cautiously optimistic about bringing Rust into Linux kernel's next release
rusty gears

Linus Torvalds is cautiously optimistic about bringing Rust into Linux kernel's next release

Enterprise Software