In association with heise online

28 August 2008, 16:01

Vulnerability in OpenOffice

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The current version of OpenOffice reportedly contains a security flaw that allows attackers to inject code into a system. The problem apparently only affects the 64-bit version of the office suite. No official patched version is currently available because the 64-bit binary releases only come from Linux distributors, not from developers.

The flaw has, however, already been remedied in the repositories of OpenOffice. Red Hat was one of the first distributors to publish new packages for 64-bit versions under RHEL Desktop Workstation V5 Client and Red Hat Enterprise Linux Desktop V5.

The vulnerability is the result of a flaw in the function rtl_allocateMemory on 64-bit systems; the function is designed to allow for access to memory outside of a defined array. The problem can reportedly be prevented during compilation by adding the option --with-alloc=system.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit