OpenOffice.org has warned users that security
vulnerabilities in its open-source OpenOffice.org productivity
suite could allow remote hackers to take over their
systems.
The vulnerabilities affect users of OpenOffice.org versions
2.0.x and 1.1.x, although no exploits are known to exist in the
wild so far, said OpenOffice.org.
The company is urging OpenOffice.org 2.0.x users to upgrade to
the latest version, 2.0.3, which was recently released.
For OpenOffice.org 1.1.x users, a patch will be available soon
to enable them to protect their systems, said the company.
One of the vulnerabilities allows malicious hackers to use
certain Java applets to break out of the secure execution environment
and access system resources.
A work-around for the problem is to disable Java applets in
current OpenOffice.org versions.
Another problem allows macro code to be injected into documents
without any notification, again allowing hackers to access
systems.
A third vulnerability allows malformed XML documents to be used
to cause a buffer overflow and crash OpenOffice.org.
Sun Microsystems’ StarOffice Office Suite is based on
OpenOffice.org, albeit with more features. Internet security
company Secunia says versions 6, 7, and 8 of StarOffice are also
affected by the problems.
OpenOffice.org and StarOffice compete against the dominant
Microsoft Office suite and IBM’s Lotus Notes solution.