ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

OpenOffice hit by 'highly critical' vulnerability

Richard Thurston ZDNet.co.uk

Published: 05 Jan 2007 12:22 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

OpenOffice.org has patched a critical vulnerability in the open-source application suite.

The vulnerability concerns the way OpenOffice handles .wmf images. Exploitation of the vulnerability, which affects all but the newest version of OpenOffice, can enable a hacker to perform a buffer overflow and then introduce malicious code to the victim's PC.

Security advisor Secunia rates the vulnerability as "highly critical", and it has urged users to patch their systems.

OpenOffice has uploaded the patch to its website. Users must manually install the file in place of its vulnerable predecessor, or upgrade to the latest version of the software, OpenOffice 2.1. Open-source suppliers such as Red Hat have followed suit by releasing their own patches.

OpenOffice has become increasingly popular as a free alternative to Microsoft's Office suite. It contains all the standard business applications, including word processing, database and spreadsheet programmes.

Although this is the first .wmf vulnerability to hit OpenOffice, such flaws have been a thorn in the side for Windows.

In early 2006, Microsoft acknowledged a critical weakness in the way Windows renders .wmf files, leading to the company releasing patches out of cycle. The UK parliament was attacked at the time using the vulnerability.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with HP

Did you find this article useful?
134 out of 156 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:








Related Jobs

S48892: SAP Specialist - 3rd Line Support

Monitor vendors release notes and plan necessary upgrades and patches as required. Key Responsibilities: - Install, configure, maintain SAP R/3, BW, ...

Data Governance Architect

You should be able to convincingly explain how migrations from non heterogeneous environments may be supported by the data architecture; - ...

IT Security analyst - Security qualified - Wintel - hands on - BANKING

The role is to support the IT Security Manager in the provision of day-to-day IT Security services to all Business Units and acting as an effective ...

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers

Sentry Posts Blog

Mobile Linux Better For Mobile Busines...

Mobile Linux Better For Mobile Business Apps? Author: Eric Everson, MyMobiSafe.com As mobile Linux is carving it’s footprint on the future of mobile application development, the... More

Post a comment

DWP downplays security breach

The Department for Work and Pensions (DWP) has admitted that some of its staff have been forwarding passwords with password protected material. An email that was leaked on the 'Dizzy... More

Post a comment

How many headshots does one chairperso...

We got a strange request last week from the head of PR from Russian security experts Kaspersky. It seems although the company was very happy with the interview we recently carried with... More

Post a comment

Featured Talkback

On the contrary, if vendors were forced to stand behind their products it should increase innovation. It would force more, and better , testing before hitting the sales floor, resulting in fewer updates and less downtime for the consumer. At present the EULA removes responsibility from the vendor, and moves it to the user, which is a step backward. Make the vendor responsibility for their code.

By: ator1940

Read full story:
RSA: Vendor liability may stifle innovation