In association with heise online

18 September 2007, 11:02

OpenOffice 2.3 closes security hole


In addition to several cosmetic corrections, a new chart module, an extended diagram assistant and a revised report designer, the new Version 2.3 of OpenOffice closes a security hole. Attackers can exploit the hole in previous versions to inject malicious code into the systems of unsuspecting users by means of specially crafted documents.

Previous versions of OpenOffice could fail when processing images in the TIFF format. Security service provider iDefense says that the OpenOffice routines that cause the problem use entries from the TIFF image's directory to calculate without further inspection how much memory to allocate. If a value is carefully chosen, an integer overflow can occur during this calculation, resulting in an allocation that is too small for the file. The buffer will overflow when the file is loaded. The program code that is then executed runs with the rights of the user who launched OpenOffice.
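The arithmetic behind this class of bug, as an added example rather than OpenOffice's own code: the struct, field names, function names and sample dimensions are hypothetical, constructed to show an unchecked 32-bit size calculation beside a checked one that rejects the same input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical image-directory fields (constructed; not OpenOffice's structures). */
struct img_dir {
    uint32_t width;           /* pixels per row, read from the file */
    uint32_t height;          /* number of rows, read from the file */
    uint32_t bytes_per_pixel; /* e.g. 3 for RGB */
};

/* Unchecked pattern: the product is computed in 32 bits and wraps
 * modulo 2^32, so very large dimensions can yield a small size. */
uint32_t unchecked_size(const struct img_dir *d)
{
    return d->width * d->height * d->bytes_per_pixel;
}

/* Checked pattern: widen to 64 bits and test by division before multiplying.
 * Returns 0 and stores the size in *out, or -1 if the fields are rejected. */
int checked_size(const struct img_dir *d, size_t max_bytes, size_t *out)
{
    uint64_t row;

    if (d->width == 0 || d->height == 0 || d->bytes_per_pixel == 0)
        return -1;
    row = (uint64_t)d->width * d->bytes_per_pixel; /* two 32-bit values: fits in 64 bits */
    if (row > max_bytes || d->height > max_bytes / row)
        return -1;                                 /* total would exceed the cap */
    *out = (size_t)(row * d->height);
    return 0;
}

int main(void)
{
    /* Constructed sample: the true size is about 4 GiB, the wrapped size 64 KiB. */
    struct img_dir bad = { 0x10001u, 0x10000u, 1 };
    size_t n = 0;

    printf("unchecked: %lu bytes\n", (unsigned long)unchecked_size(&bad));
    printf("checked:   %d\n", checked_size(&bad, (size_t)1 << 28, &n));
    return 0;
}
```

The cap passed as `max_bytes` is a policy choice by the caller; 256 MiB is used here only as a sample value.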

Users of previous versions of OpenOffice are advised to upgrade to the current Office suite as soon as possible. The versions for Windows and Linux can already be downloaded.
