OpenOffice.org has released a security update for its open-source office software suite following the discovery of three critical security vulnerabilities.
All 1.1.x versions and the latest 2.0.x version of OpenOffice are affected by these security flaws. Users are advised to upgrade to version 2.0.3, or to wait for the upcoming patch and upgrade to version 1.1.5.
The three new security vulnerabilities in the open-source office suite were identified during an internal audit.
The first vulnerability pertains to small Java applications (Java applets) that could potentially break out of their designated “sandbox”, the secure operating environment they are meant to be confined to.
The next vulnerability relates to the handling of macros. This flaw may allow the execution of macros even if the user has disabled the functionality that permits them to run.
The final vulnerability concerns the handling of XML file formatting. This security issue could enable hackers to create a malicious XML file and trick users into opening it, triggering a buffer overflow that could be used to inject harmful code into the affected system.
Users can download the security update for OpenOffice at http://www.openoffice.org/security/bulletin-20060629.html
StarOffice—the commercial office application suite based on OpenOffice’s programming framework—also suffers from similar vulnerabilities. Patches for StarOffice/StarSuite versions 8.x and 7.x have been released to address these security issues.
Hoang Dung