In association with heise online

19 December 2006, 12:23

Exploit for Word also works with OpenOffice

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The exploit for the third unpatched security hole in Word reported last week also works in OpenOffice 2.1. If a prepared Word document is opened in OpenOffice Writer under Windows XP SP2, Writer crashes. The dialogue for document recovery then appears. Under Linux, the application also crashes, prompting the message that the main memory is full.

It has not yet, however, been demonstrated that code can be injected via this weak point in OpenOffice. But there are unconfirmed reports that this is possible. In contrast, the hole in Word is reportedly already being actively used to infect systems. In a test, Kaspersky's virus scanner detected the exploit and deleted the file. But not all virus scanners provide protection from such attacks, as a scan for the malicious code at Virustotal showed this week.

image 1 [300 x 216 Pixel @ 56,8 KB]
Zoom Not all virus scanners recognize the seven day old exploit.

Also see:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit