Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security / Advisories

Advisories

OpenOffice "Opens" Your Computer to Hackers

Vulnerability disclosed

By Alexandru Dumitru, Security News Editor

18th of September 2007, 12:59 GMT

Adjust text size:



Enlarge picture
OpenOffice is one of those programs that a lot of people like and use, so when you disclose a vulnerability like this, it's best to let everyone know about it. It is important that people update the software in order to patch up any vulnerability. If you want to see what versions are affected by this (so you can tell if yours is flawed)
click on this link.

The program suffers from TIFF file parser multiple integer overflow vulnerabilities. These are pretty severe, and here's why: if a hacker should target them, and properly exploit them too, then he could execute arbitrary code within the context of the affected application. I got that info from SecurityFocus. They've also said that failed exploit attempts will lead to a denial of service. That's why I said it was severe - if the hacker gets there, he either executes the code, or you get a DoS, so anyway you put it, it's still bad.

As the same site explains, these vulnerabilities are caused by the fact that the application fails to bound-check user-supplied data before copying it into an insufficiently sized buffer. But don't worry, things don't just happen like that - the vulnerabilities can only be exploited if the users open malicious TIFF files. Anyway, there's no need to panic, al these vulnerabilities go away in version 2.3 so just get that one and everything will be fine.

In case you've never heard about OpenOffice, though I doubt it, it's a free and open source software office suit. The keyword here is "free". Sure, it's not as good as similar applications are, such as Microsoft Office for instance, but it's a really great tool. It works on Windows, Mac OS X, Solaris and others. The greatest part about it is the fact that it supports a standard (called OpenDocument) for data interchange.

TAGS:

 openoffice | vulnerability | flaws | hacks


Rating:
Good (3.3/5) 6 vote(s) so far    

Read by 510 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


OpenOffice.org Premium 2.0.3 Is Available for Download

OpenOffice Highly Critical Vulnerability

Google Office Will Support the OpenOffice Format!

Choose Now: OpenOffice or Microsoft Office?

IBM Will Join the OpenOffice.org Community

The Canadian Labour Congress Switches to OpenOffice

OpenOffice.org 2.3.0 Available Now

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive