You are here: silicon.com > Software > Security Strategy

Security Strategy

OpenOffice tackles "highly critical" hole

Urges users to patch or upgrade...

Tags: openoffice

By Richard Thurston

Published: 8 January 2007 10:32 GMT

OpenOffice.org has patched a critical vulnerability in the open source application suite.

The vulnerability concerns the way OpenOffice handles '.wmf' images. Exploitation of the vulnerability, which affects all but the newest version of OpenOffice, can enable a hacker to perform a buffer overflow and then introduce malicious code to the victim's PC.

Security advisor Secunia rates the vulnerability as "highly critical", and has urged users to patch their systems.

OpenOffice has uploaded the patch to its website. Users must manually install the file in place of its vulnerable predecessor, or upgrade to the latest version of the software, OpenOffice 2.1. Open source suppliers such as Red Hat have followed suit by releasing their own patches.

OpenOffice has become increasingly popular as a free alternative to Microsoft's Office suite. It contains all the standard business applications, including word processing, database and spreadsheet programmes.

Although this is the first '.wmf' vulnerability to hit OpenOffice, such flaws have previously affected Windows.

In early 2006, Microsoft acknowledged a critical weakness in the way Windows renders '.wmf' files, leading to the company releasing patches out of cycle. The UK parliament was attacked at the time using the vulnerability.

Richard Thurston writes for ZDNet UK

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business

Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business


  • Jobs
SQL Server DBA - New Today - MCDBA/MCTS - Oxford c40K

Stored procedures * Install, configure and perform all upgrades, patches and enhancements * Design and implement data migration It will be very ...

Systems Integration Engineer

DCA is dedicated team for Patch installation management, HealthChecks, Vulnerability scans, Antivirus administration and Service Activation and ...

Server Support- Windows-IIS-Yorkshire

Deploy and Install Critical Security patches to all Servers within you area of responsibility in accordance with Network Services LAN Operations ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.





Quick Sitemap Links: