Caution: 3 exploits uncovered

Discussion in 'Tech Talk' started by David_G17, Mar 23, 2007.

  1. David_G17

    David_G17 /\/\/\/\/\/\/\/

    Likes Received:
    Oct 7, 2002

    Trio of security holes found in OpenOffice

    OpenOffice users have been warned to be vigilant following the disclosure of three vulnerabilities in the popular open source alternative to Microsoft Office.

    Security firm Secunia classified the trio of vulnerabilities as 'highly critical', the company's second-highest alert level.

    The vulnerabilities could be exploited to cause anything from a denial-of-service attack to remote execution of code.

    The first vulnerability lies in the StarCalc spreadsheet component of OpenOffice. An attacker could use a specially-crafted StarCalc file to exploit the vulnerability and remotely execute code on a user's system.

    Discovery of the vulnerability has been credited to security firm Next Generation Security Software.

    The second vulnerability, first reported by research firm iDefense, lies in the component of OpenOffice that handles WordPerfect (.wpd) files.

    If a user can be persuaded to open a specially-crafted .wpd file, an exploit could be triggered to allow an attacker to remotely execute malware, according to an iDefense advisory.

    The third vulnerability could allow an attacker to execute arbitrary shell commands within OpenOffice.

    Linux developer group Debian said that a user who clicked on a link within a specially-crafted document would be vulnerable to the attack.

    Secunia has urged users to avoid opening suspicious OpenOffice files.