Language Selection

English French German Italian Portuguese Spanish

OpenOffice Confirms Buffer Overflow Flaw

Filed under
Security

The OpenOffice.org community on Tuesday confirmed the existence of a potentially serious heap-overflow vulnerability in its freely distributed office productivity suite.

The flaw affects OpenOffice Version 1.1.4 and prior and OpenOffice Version 2.0-dev and prior and could put users at risk of code execution attacks.

OpenOffice.org community manager Louis Suarez-Potts confirmed that the vulnerability was discovered in the "StgCompObjStream::Load()" function and occurs when handling a specially crafted ".doc" file.

This could potentially be exploited by attackers to compromise a vulnerable system by convincing a user to open a malicious document with an unpatched application.

"We learned of this March 31 and will be working on it immediately. A patch is ready but it is still going through [quality assurance] testing," Suarez-Potts told eWEEK.com. The update is expected to be available for general download within two days.

Full Story.

More in Tux Machines

Conky Manager to Fedora

Conky Manager is a GUI for managing Conky scripts. It provides options to start/stop, browse and edit Conky themes installed on the system, It Read more

Taiga, a new open source project management tool with focus on usability

Taiga is an open source project management tool that aims to solve the basic problem of software usability. Designed with this sole aim, the developers claim it's "beautiful to look at all day long." Let's start with the history of how Taiga began and then move on to the innovative features this new project management tool offers. It started with the team at Kaleidos, a Madrid-based company that builds software for both large corporations and startups. Though much of their time is spent working for clients, several times a year they break off for their own Personal Innovation Weeks (ΠWEEK). These are weeklong hack-a-thons dedicated to personal improvement and prototyping internal ideas of all sorts. While there, they unanimously decided to solve the biggest of their own problems: project management. Read more

Google’s Nest buys Linux automation firm, adds five partners

Google’s Nest Labs acquired Revolv, a maker of Linux-based home automation devices, and announced five new Nest-compatible devices. including the Pebble. After Google acquired Nest Labs in January $3.2 billion, placing a stake in the fast-growing home automation business, Nest acquired home surveillance camera maker Dropcam in June for $555 million. Now Nest announced it has acquired another major home automation company in its purchase of Revolv. The acquisition, which was announced with no dollar amount, came shortly after the Boulder, Colo. based company announced compatibility with the Nest Learning Thermostat and Nest Protect CO/smoke detector. Read more

Android Wear Gets Its First Big Update

Google's Android Wear on Thursday got its first major update, bringing GPS support and offline music capabilities to the wearables platform. "Android Wear is great for tracking things like route, distance and speed," wrote Kenny Stoltz, Android Wear product manager. "Before today, you had to keep your phone close at hand. Starting today, Wear supports watches with GPS sensors, so you can enjoy these features regardless of where your phone's at." Read more