OpenOffice 2.3 closes security hole
In addition to several cosmetic corrections, a new chart module, an extended diagram assistant and a revised report designer, the new Version 2.3 of OpenOffice closes a security hole. Attackers can exploit the hole in previous versions to inject malicious code into the systems of unsuspecting users by means of specially crafted documents.
Previous versions of OpenOffice could fail when processing images in the TIFF format. Security service provider iDefense says that the OpenOffice routines that cause the problem use entries from the TIFF image's directory to calculate without further inspection how much memory to allocate. If a value is carefully chosen, an integer overflow can occur during this calculation, resulting in an allocation that is too small for the file. The buffer will overflow when the file is loaded. The program code that is then executed runs with the rights of the user who launched OpenOffice.
Users of previous versions of OpenOffice are advised to upgrade to the current Office suite as soon as possible. The versions for Windows and Linux can already be downloaded.
- Manipulated TIFF files can lead to heap overflows and arbitrary code execution, security advisory released by the developers of OpenOffice
- Multiple Vendor OpenOffice TIFF File Parsing Multiple Integer Overflow Vulnerabilities, iDefense's security advisory