Several holes in OpenOffice
In addition to the known security hole through which manipulated WordPerfect documents can inject malicious code into OpenOffice, the software has been found to contain additional vulnerabilities that attackers could exploit by means of manipulated documents. Specially prepared StarCalc documents can also cause injected program code to be executed. In addition, attackers can misuse links embedded in documents to execute shell commands.
In their security advisory, the Debian developers do not provide any details about these vulnerabilities. They merely state that a buffer overflow can occur in OpenOffice during the processing of StarCalc documents. It is allegedly quite easy for attackers to exploit this vulnerability in order to inject their own code into third-party computers. Furthermore, the Office suite does not correctly convert links in documents; as a result, merely clicking on a specially prepared link in a document can cause shell commands to be executed on the user's computer.
Up to now, no patched version of OpenOffice has been released. Users of OpenOffice are therefore advised to refrain from opening any documents that are not explicitly from trustworthy sources.
- openoffice.org -- several vulnerabilities, Debian's security advisory