Exploit for Word also works with OpenOffice
The exploit for the third unpatched security hole in Word reported last week also works in OpenOffice 2.1. If a specially prepared Word document is opened in OpenOffice Writer under Windows XP SP2, Writer crashes and the document recovery dialogue then appears. Under Linux, the application also crashes, displaying a message that main memory is full.
However, it has not yet been demonstrated that code can be injected via this weak point in OpenOffice, although there are unconfirmed reports that this is possible. In contrast, the hole in Word is reportedly already being actively used to infect systems. In a test, Kaspersky's virus scanner detected the exploit and deleted the file. But not all virus scanners provide protection against such attacks, as a scan of the malicious code at Virustotal showed this week.
Not all virus scanners recognize the seven-day-old exploit.
- Third Word hole in ten days, report at heise Security
- Update on Current Word Vulnerability Reports, report by Microsoft SRC
(ehe)