In association with heise online

14 June 2007, 10:02

OpenOffice executes code from rtf documents

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Debian development team have released a security advisory according to which crafted rtf documents on all platforms can provoke a buffer overflow in OpenOffice and thereby inject malicious code. According to FrSIRT, the bug is located in the SwRTFParser::ReadPrtData() function in the filter/rtf/swparrtf.cxx file.

There was initially some disagreement among sources as to which versions of OpenOffice are affected but heise has established from Malte Timmermann of Sun Germany that OpenOffice 2.2.1 fixes the vulnerability. StarOffice is free of the bug from Version 8 Update 7. Updates are also available for StarOffice 6 and 7.

As well as the rtf vulnerability, the OpenOffice development team have also fixed a security vulnerability when processing crafted font files (.ttf) using the integrated FreeType library, which can also lead to execution of foreign code. Users should update to OpenOffice 2.2.1 urgently, and in the meantime exercise particular caution when deciding whether or not to open unrequested documents in rich text format.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit