In association with heise online

30 November 2006, 15:37

PowerPoint files infiltrate malicious code into KOffice

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Following the release of version 1.6, the developers of KOffice had intended to concentrate on developing version 2.0. However, as well as a number of bugs, a critical security vulnerability has forced them to release a bug fix release 1.6.1. This fixes a buffer overflow error in the KPresenter presentation program, which can be provoked by manipulated PowerPoint files in the import filter. An attacker could crash the application using prepared files. It is probably also possible to place code on the stack and execute it with the user's privileges.

It would be possible to receive such a file as an e-mail attachment or by download. There have already been similar attacks on Windows users, in which malicious PPT files have infected a computer with malware via vulnerable PowerPoint installations. The bug in KPresenter is therefore, in the developers' opinion, reason enough to install the new version of KOffice. The other 100 or so non-security related bug fixes and improvements are more of a bonus. Linux distributors are already releasing updated KOffice packages.

As well as the security fixes and bug fixes, KOffice developers have also added minor new features to the image editing program Krita (colour levels filter) and the database program Kexi (parameter queries, lookup columns).

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit