OpenOffice.org has warned users that security vulnerabilities in its open-source OpenOffice.org productivity suite could allow remote hackers to take over their systems.
The vulnerabilities affect users of OpenOffice.org versions 2.0.x and 1.1.x, although no known exploits so far exist in the wild, said OpenOffice.org.
The company is urging OpenOffice.org 2.0.x users to upgrade to the latest version, 2.0.3, which was recently released.
For OpenOffice.org 1.1.x users, a patch will be available soon to enable them to protect their systems, said the company.
One of the vulnerabilities allows malicious hackers to use certain Java applets to break into a secure execution environment to access system resources.
A work-around for the problem is to disable Java applets from current OpenOffice.org versions.
Another problem allows macro code to be injected into documents without any notification, again allowing hackers to access systems.
A third vulnerability allows malformed XML documents to be used to cause a buffer overflow and crash OpenOffice.org.
Sun Microsystems’ StarOffice Office Suite is based on OpenOffice.org, albeit with more features. Internet security company Secunia says versions 6, 7, and 8 of Star Office are also affected by the problems.
OpenOffice.org and Star Office compete against the dominant Microsoft Office suite and IBM’s Lotus Notes solution.