OpenOffice patches three security holes has warned of three serious security holes which could allow attackers to damage or take control of systems via specially crafted documents. The bugs also affect Sun’s commercial StarOffice suite, based on OpenOffice.

The first bug involves the handling of Java applets embedded in OpenOffice. Malicious Java applets can exploit the flaw to bypass ordinary sandbox security restrictions to gain access to system resources with the privileges of the current user.

A second bug, in the way macros are handled, allows macros to execute Basic code with full system access, and without any user notification, as soon as a malicious document is opened, said. “As a result, the macro may delete/replace files, read/send private data and/or cause additional security issues,” the advisory warned. “Disabling document macros will not prevent this issue.”

Thirdly, a bug in the handling of some XML documents can trigger a buffer overflow, causing the program to crash and allowing attackers to execute malicious code.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: