In association with heise online

15 February 2010, 12:13

OpenOffice 3.2 fixes multiple security vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

OpenOffice Logo Not only is OpenOffice 3.2 faster and more stable, it is also more secure. As promised, the OpenOffice development team has now published details on the vulnerabilities fixed by version 3.2 of the office suite. Versions for Windows, Mac OS X and Linux are all affected. A total of seven vulnerabilities have been fixed, some of which could be exploited to inject and execute code. For an attack to be successful, a user must first open a specially crafted Word file, GIF or XPM image.

One security problem relates to the MSVC runtime library included in the Windows version of OpenOffice, which can be used to circumvent some security restrictions, such as kill bits for ActiveX controls. The update also fixes two bugs in the way cryptographic hashes are processed which could be used to fake digital signatures. With the exception of the vulnerability in MSVC, all the bugs are also present in OpenOffice 2.4.x. OpenOffice 2.4 is no longer supported and will not receive further security updates. The developers advise all users to upgrade to the latest 3.2 release.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-930854
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit