X
Tech
Home Tech Security

OpenOffice patches file-processing flaws

An update to the productivity suite, found on the Asus Eee and other netbooks, has been issued to fix two problems that could let outsiders in
Written by Tom Espiner, Contributor

OpenOffice has updated its productivity suite to patch two flaws that could lead to arbitrary code execution.

OpenOffice.org is commonly found on Linux netbooks and is Ubuntu's standard spreadsheet, word processor, database and presentation package.

The flaws affect all versions of OpenOffice.org prior to 2.4.2. One flaw, detailed in security alert CVE-2008-2237, lies in the way OpenOffice 2.x processes WMF files. The other flaw, detailed in CVE-2008-2238, is due to the way OpenOffice 2.x processes EMF files.

Both vulnerabilities may allow a remote unprivileged user who tricks a local user into opening a manipulated a StarOffice or StarSuite document to execute arbitrary commands on the system. No working exploit is known at the moment for either flaw.

Some netbook makers have turned to OpenOffice's productivity applications for inclusion on models powered by Linux. The Asus Eee comes with OpenOffice 2.0 and both Acer's Aspire One and Everex's Cloudbook come with version 2.3.

There are no workarounds. Both issues are addressed in OpenOffice.org 2.4.2. OpenOffice.org 3.0 is not affected by these vulnerabilities.

Editorial standards
Show Comments

Related

asus-zenbook-14-main

The work laptop I recommend to most people is not made by Apple or Lenovo

Microsoft Copilot

7 reasons I use Copilot instead of ChatGPT

Bose QuietComfort Ultra case

Why I travel with Bose's QuietComfort Ultra headphones instead of the Sony XM5