OpenOffice 3.2 fixes multiple security vulnerabilities
Not only is OpenOffice 3.2 faster and more stable, it is also more secure. As promised, the OpenOffice development team has now published details on the vulnerabilities fixed by version 3.2 of the office suite. Versions for Windows, Mac OS X and Linux are all affected. A total of seven vulnerabilities have been fixed, some of which could be exploited to inject and execute code. For an attack to be successful, a user must first open a specially crafted Word file, GIF or XPM image.
One security problem relates to the MSVC runtime library included in the Windows version of OpenOffice, which can be used to circumvent some security restrictions, such as kill bits for ActiveX controls. The update also fixes two bugs in the way cryptographic hashes are processed which could be used to fake digital signatures. With the exception of the vulnerability in MSVC, all the bugs are also present in OpenOffice 2.4.x. OpenOffice 2.4 is no longer supported and will not receive further security updates. The developers advise all users to upgrade to the latest 3.2 release.
- Fixed in OpenOffice.org 3.2, security advisories from the OpenOffice Security Team.
- OpenOffice 3.2: more stability, more speed, a report from The H.