Jump to content

OpenOffice 2.3 closes security hole

Humpty

By Humpty
in Windows Security

 Share

Recommended Posts

Humpty

Humpty

Posted
Posted
In addition to several cosmetic corrections, a new chart module, an extended diagram assistant and a revised report designer, the new Version 2.3 of OpenOffice closes a security hole. Attackers can exploit the hole in previous versions to inject malicious code into the systems of unsuspecting users by means of specially crafted documents.

 

Previous versions of OpenOffice could fail when processing images in the TIFF format. Security service provider iDefense says that the OpenOffice routines that cause the problem use entries from the TIFF image's directory to calculate without further inspection how much memory to allocate. If a value is carefully chosen, an integer overflow can occur during this calculation, resulting in an allocation that is too small for the file. The buffer will overflow when the file is loaded. The program code that is then executed runs with the rights of the user who launched OpenOffice.

 

Users of previous versions of OpenOffice are advised to upgrade to the current Office suite as soon as possible. The versions for Windows and Linux can already be downloaded.

Article

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept