OpenOffice suite hit by security problems

News

OpenOffice suite hit by security problems

Antony Savvas

OpenOffice.org has warned users that security vulnerabilities in its open-source OpenOffice.org productivity suite could allow remote hackers to take over their systems.

The vulnerabilities affect users of OpenOffice.org versions 2.0.x and 1.1.x, although no known exploits so far exist in the wild, said OpenOffice.org.

The company is urging OpenOffice.org 2.0.x users to upgrade to the latest version, 2.0.3, which was recently released.

For OpenOffice.org 1.1.x users, a patch will be available soon to enable them to protect their systems, said the company.

One of the vulnerabilities allows malicious hackers to use certain Java applets to break into a secure execution environment to access system resources.

A work-around for the problem is to disable Java applets from current OpenOffice.org versions.

Another problem allows macro code to be injected into documents without any notification, again allowing hackers to access systems.

A third vulnerability allows malformed XML documents to be used to cause a buffer overflow and crash OpenOffice.org.

Sun Microsystems’ StarOffice Office Suite is based on OpenOffice.org, albeit with more features. Internet security company Secunia says versions 6, 7, and 8 of Star Office are also affected by the problems.

OpenOffice.org and Star Office compete against the dominant Microsoft Office suite and IBM’s Lotus Notes solution.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy