OpenOffice plugs code execution vulnerability

OpenOffice.org has patched a highly critical code execution vulnerability that could allow an attacker to take control of a system.

Every OpenOffice release prior to 2.3.1 is affected. According to OpenOffice, "users opening specially crafted database documents may allow attackers to execute arbitrary static Java code."

OpenOffice.org notes that "there are no predictable symptoms that would indicate this issue occurred." Secunia adds:

The vulnerability is caused due to an unspecified error in the HSQLDB database engine and can be exploited to execute arbitrary static Java code via a specially crafted database document.

Bottom line: If you're running any version other than OpenOffice.org 2.3.1 you should upgrade. You can download the new version at OpenOffice.org.