Details of security fixes in OpenOffice 2.4
In version 2.4 of the OpenOffice open-source office package, which appeared some three weeks ago, the developers have plugged some critical security holes. In order to give developers of products based on OpenOffice the opportunity to eliminate the problems too, they have only now published security advisories about the vulnerabilities.
All OpenOffice versions before 2.4 can come unstuck while processing manipulated ODF files with XForms, as a result of which injected code can be executed. OpenOffice versions from 1.1 to 2.3.1 also have problems when opening crafted Quattro Pro, EMF and OLE files that can allow execution of malicious code. No further details about these vulnerabilities are being given by the OpenOffice developers.
Users of OpenOffice should update to version 2.4 as soon as possible, if they have not already done so. They should not use older versions of OpenOffice to open unrequested documents or those not coming from trusted sources.
- download OpenOffice 2.4
- Fixed in OpenOffice.org 2.4, list of the security holes plugged in OpenOffice 2.4
- Manipulated ODF text documents containing XForms can lead to heap overflows and arbitrary code execution, security advisory from the developers of OpenOffice
- Quattro Pro files, vulnerability report from the developers of OpenOffice
- EMF Files, vulnerability report from the developers of OpenOffice
- Manipulated OLE files can lead to heap overflows and arbitrary code execution, security warning from the developers of OpenOffice