OpenOffice.org has warned of three serious security holes which could allow attackers to damage or take control of systems via specially crafted documents. The bugs also affect Sun’s commercial StarOffice suite, based on OpenOffice.
The first bug involves the handling of Java applets embedded in OpenOffice. Malicious Java applets can exploit the flaw to bypass ordinary sandbox security restrictions to gain access to system resources with the privileges of the current user.
A second bug, in the way macros are handled, allows macros to execute Basic code with full system access, and without any user notification, as soon as a malicious document is opened, OpenOffice.org said. “As a result, the macro may delete/replace files, read/send private data and/or cause additional security issues,” the advisory warned. “Disabling document macros will not prevent this issue.”
Thirdly, a bug in the handling of some XML documents can trigger a buffer overflow, causing the program to crash and allowing attackers to execute malicious code.