Language Selection

English French German Italian Portuguese Spanish

OpenOffice Confirms Buffer Overflow Flaw

Filed under
Security

The OpenOffice.org community on Tuesday confirmed the existence of a potentially serious heap-overflow vulnerability in its freely distributed office productivity suite.

The flaw affects OpenOffice Version 1.1.4 and prior and OpenOffice Version 2.0-dev and prior and could put users at risk of code execution attacks.

OpenOffice.org community manager Louis Suarez-Potts confirmed that the vulnerability was discovered in the "StgCompObjStream::Load()" function and occurs when handling a specially crafted ".doc" file.

This could potentially be exploited by attackers to compromise a vulnerable system by convincing a user to open a malicious document with an unpatched application.

"We learned of this March 31 and will be working on it immediately. A patch is ready but it is still going through [quality assurance] testing," Suarez-Potts told eWEEK.com. The update is expected to be available for general download within two days.

Full Story.

More in Tux Machines

Red Hat Pushes Forward with CentOS [VIDEO]

At the beginning of 2014, Red Hat embraced the community CentOS Linux distribution. It's a move that brought the clone of Red Hat Enterprise Linux (RHEL) closer into the Red Hat organization. In a video interview, Paul Cormier, EVP and President at Red Hat, details how the CentOS relationship has worked out over the course of 2014. Read more

FLOSS Works – Now It Has Salesmen

Canonical claimed 20 million PCs had shipped from OEMs in 2013/2014 with Ubuntu GNU/Linux. Read more

Contain yourself: The layman's guide to Docker

Welcome to the age of containerization, where an ecosystem led by startup Docker is leading IT organizations to ineffable peaks of efficiency, helping them scale their workloads ever-higher, and probably baking them a nice cake to boot (it's my birthday, I have cake on the brain, sue me). Microsoft, Google and Amazon Web Services are all tripping over themselves to make sure prospective customers know that their clouds are the place to be if you want to get the most from Docker. Read more

Contain yourself: The layman's guide to Docker

Welcome to the age of containerization, where an ecosystem led by startup Docker is leading IT organizations to ineffable peaks of efficiency, helping them scale their workloads ever-higher, and probably baking them a nice cake to boot (it's my birthday, I have cake on the brain, sue me). Microsoft, Google and Amazon Web Services are all tripping over themselves to make sure prospective customers know that their clouds are the place to be if you want to get the most from Docker. Read more