OpenOffice patches three security holes

OpenOffice.org has warned of three serious security holes which could allow attackers to damage or take control of systems via specially crafted documents. The bugs also affect Sun’s commercial StarOffice suite, based on OpenOffice.

The first bug involves the handling of Java applets embedded in OpenOffice. Malicious Java applets can exploit the flaw to bypass ordinary sandbox security restrictions to gain access to system resources with the privileges of the current user.

A second bug, in the way macros are handled, allows macros to execute Basic code with full system access, and without any user notification, as soon as a malicious document is opened, OpenOffice.org said. “As a result, the macro may delete/replace files, read/send private data and/or cause additional security issues,” the advisory warned. “Disabling document macros will not prevent this issue.”

Thirdly, a bug in the handling of some XML documents can trigger a buffer overflow, causing the program to crash and allowing attackers to execute malicious code.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: