OpenOffice bug hits multiple operating systems

Vulnerabilities in OpenOffice.org could allow attackers to remotely execute code on Linux, Windows or Apple Mac-based computers.

OpenOffice version 2.0.4 and earlier versions are vulnerable to maliciously crafted TIFF files, which can be delivered in an e-mail attachment, published on a Web site or shared using peer-to-peer software.


The vulnerability was discovered by researchers at iDefense, who claim that the OpenOffice TIFF parsing code is flawed.

“When parsing the TIFF directory entries for certain tags, the parser uses untrusted values from the file to calculate the amount of memory to allocate. By providing specially crafted values, an integer overflow occurs in this calculation. This results in the allocation of a buffer of insufficient size, which in turn leads to a heap overflow.”
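The bug class iDefense describes, shown as an added C example that is not OpenOffice's code: a 32-bit size calculation on file-supplied values next to a checked version that rejects the entry. The page does not say which tags or fields are involved; the count times element-size product, the function names and the `data_avail` parameter are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Bytes per value for TIFF 6.0 field types 1..12 (BYTE..DOUBLE); index 0 is invalid. */
static const uint32_t tiff_type_size[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

/* Flawed pattern: the product of two file-controlled values is kept in
 * 32 bits, so a large count wraps to a small allocation size. */
uint32_t unchecked_alloc_size(uint16_t type, uint32_t count)
{
    if (type == 0 || type > 12)
        return 0;
    return count * tiff_type_size[type];          /* wraps modulo 2^32 */
}

/* Hardened pattern: returns 0 and stores the size in *out, or -1 to reject
 * the directory entry. data_avail (assumed to be tracked by the caller) is
 * the number of bytes the file actually holds at the entry's value offset. */
int checked_alloc_size(uint16_t type, uint32_t count,
                       uint64_t data_avail, size_t *out)
{
    if (type == 0 || type > 12)
        return -1;                                /* unknown field type */
    uint32_t elem = tiff_type_size[type];
    if (count > UINT32_MAX / elem)
        return -1;                                /* product would overflow */
    uint64_t need = (uint64_t)count * elem;
    if (need > data_avail)
        return -1;                                /* claims more data than the file has */
    *out = (size_t)need;
    return 0;
}

int main(void)
{
    /* Constructed entry: type 5 (RATIONAL, 8 bytes each), count 0x20000001. */
    uint16_t type = 5;
    uint32_t count = 0x20000001u;
    size_t size = 0;

    printf("unchecked size: %u bytes for %u values\n",
           unchecked_alloc_size(type, count), count);
    printf("checked result: %d\n",
           checked_alloc_size(type, count, 4096, &size));
    return 0;
}
```

With the constructed entry, the unchecked product wraps to 8 bytes while the loop that fills the buffer would still iterate over the full count, which is the undersized-allocation condition in the quote; the checked version refuses the entry before any allocation.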

The next version of OpenOffice (version 2.3) arrived on September 17 and is not affected by the flaw. Make sure to update your OOo.
