OpenOffice executes code from rtf documents
The Debian development team have released a security advisory according to which crafted rtf documents on all platforms can provoke a buffer overflow in OpenOffice and thereby inject malicious code. According to FrSIRT, the bug is located in the SwRTFParser::ReadPrtData() function in the filter/rtf/swparrtf.cxx file.
There was initially some disagreement among sources as to which versions of OpenOffice are affected but heise has established from Malte Timmermann of Sun Germany that OpenOffice 2.2.1 fixes the vulnerability. StarOffice is free of the bug from Version 8 Update 7. Updates are also available for StarOffice 6 and 7.
As well as the rtf vulnerability, the OpenOffice development team have also fixed a security vulnerability when processing crafted font files (.ttf) using the integrated FreeType library, which can also lead to execution of foreign code. Users should update to OpenOffice 2.2.1 urgently, and in the meantime exercise particular caution when deciding whether or not to open unrequested documents in rich text format.
- New OpenOffice.org packages fix arbitrary code execution, security advisory from the Debian development team