CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 29th, 2008

Highly-critical Vulnerabilities Patched In OpenOffice Suite 2.4.2

OpenOffice.org has released a new version of the open-source desktop productivity suite to patch highly-critical vulnerabilities that could expose users to arbitrary code execution attacks.

The flaws, which affect all versions prior to OpenOffice.org 2.4.2, could be exploited via manipulated WMF and EMF files in StarOffice or StarSuite documents:

CVE-2008-2237: A security vulnerability with the way OpenOffice 2.x process WMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite. No working exploit is known right now. There is no workaround.

CVE-2008-2238: A security vulnerability with the way OpenOffice 2.x process EMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite. No working exploit is known right now. There is no workaround.

OpenOffice.org described the bugs as file-handling heap overflows. Patches are available in OpenOffice 2.4.2. OpenOffice 3.0 is not affected by these vulnerabilities.

Share this item with others:

More on CyberInsecure:
  • Oracle Patches Critical Database Vulnerabilities
  • Microsoft Patches Critical Database And Office Flaws
  • Critical Flaws Patched In Opera 9.61, New Zero-day Vulnerability Remains Unpatched
  • Apple Safari For Windows Critical Vulnerabilities
  • Highly Critical Vulnerabilities In VLC Media Player

    • Posted in Software, Vulnerabilities | Print This Post Print This Post

    This entry was posted on Wednesday, October 29th, 2008 at 9:35 pm and is filed under Software, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Highly-critical Vulnerabilities Patched In OpenOffice Suite 2.4.2

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »