OpenOffice 2.4.2 fixes critical vulnerabilities
The OpenOffice development team has announced the release of version 2.4.2, which fixes two critical security vulnerabilities. According to the security advisories, the vulnerabilities are heap overflows when processing EMF and WMF files, which can be exploited using crafted documents to inject and execute malicious code. All versions prior to 2.4.2 are affected. According to the OpenOffice developers, the bugs are not present in version 3.0. OpenOffice 2.4.2 is now available to download from the OpenOffice site.
The update to OpenOffice 2.4, so soon after the release of OpenOffice 3.0, is probably explained by the fact that many users of the suite of productivity applications may be in a controlled environment, such as a government organisation, where they are not able to migrate rapidly to the latest release but are prepared to install updates that do not change functionality.
See also
- Manipulated WMF files can lead to heap overflows and arbitrary code execution, security advisory from OpenOffice
- Manipulated EMF files can lead to heap overflows and arbitrary code execution, security advisory from OpenOffice
(djwm)