‘Critical Vulnerability’ Found in OpenOffice Version 2.0.4
A vulnerability rated highly critical has been found in the OpenOffice product suite that could help hackers access and compromise a user's computer. OpenOffice is a free productivity suite that includes a word processor, drawing program, spreadsheet and formula editor.
In the original advisory, published on September 17, 2007, iDefense Labs confirmed the existence of flaws in OpenOffice version 2.0.4. All versions preceding version 2.3 are assumed to be vulnerable as well.
According to security service provider iDefense, the affected routines in OpenOffice use entries from the directory of a TIFF image to calculate the amount of memory to allocate. A suitably chosen value can cause an integer overflow during the calculation, leading to an allocation that is very small in comparison to the size of the file. If the file is then loaded, the buffer overflows. As a result, program code is executed with the rights of the user who launched OpenOffice.
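The size calculation described above, as an added C example that is not OpenOffice's code: a 32-bit product wraps to a tiny value, shown beside a checked version that rejects the entry. The `dir_entry` structure, its field names, the function names and the sample values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical TIFF-style directory entry: 'count' values of 'elem_size'
   bytes each. Names are assumptions, not OpenOffice's own structures. */
struct dir_entry {
    uint32_t count;
    uint32_t elem_size;
};

/* Unchecked: the 32-bit product silently wraps modulo 2^32. */
static uint32_t unchecked_alloc_size(const struct dir_entry *e)
{
    return (uint32_t)(e->count * e->elem_size);
}

/* Checked: rejects wrap-around and any size the file could not hold.
   Returns 0 and stores the size in *out, or -1 if the entry is invalid. */
static int checked_alloc_size(const struct dir_entry *e, uint64_t file_len,
                              uint32_t *out)
{
    if (e->count == 0 || e->elem_size == 0)
        return -1;
    if (e->count > UINT32_MAX / e->elem_size)
        return -1;                      /* product would overflow */
    uint32_t need = e->count * e->elem_size;
    if (need > file_len)
        return -1;                      /* claims more data than the file has */
    *out = need;
    return 0;
}

int main(void)
{
    /* Constructed sample values: 0x40000001 * 4 = 0x100000004, wraps to 4. */
    struct dir_entry bad = { 0x40000001u, 4 };
    struct dir_entry ok  = { 256, 4 };
    uint32_t n = 0;
    printf("unchecked size for bad entry: %u bytes\n",
           (unsigned)unchecked_alloc_size(&bad));
    printf("checked, bad entry: %d\n", checked_alloc_size(&bad, 4096, &n));
    printf("checked, ok entry:  %d (size %u)\n",
           checked_alloc_size(&ok, 4096, &n), (unsigned)n);
    return 0;
}
```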
Secunia, which described the flaw as extremely grave, said on September 18, 2007 that successful exploitation could permit arbitrary code execution and allow an attacker to gain control of a user's computer system.
However, for successful exploitation, an attacker must get the target user to open a malicious document. Such a document can be hosted on a website or sent via e-mail or other media.
The vulnerabilities were reported in versions prior to OpenOffice 2.3, and the problem can be fixed by upgrading the software to the latest version.
The OpenOffice.org 2.3 home page stated that the release contained a large number of enhancements to its main components and also safeguarded users against new security vulnerabilities, Channel Register reported on September 20, 2007. The site recommended that users download this major release.
Red Hat, which had the security issue in its Enterprise Linux versions 5, 4 and 3, upgraded its OpenOffice suite to correct it.
Users of older versions of OpenOffice are advised to upgrade to the new office suite as soon as possible.
» SPAMfighter News - 10/6/2007