January 5, 2007 7:23 AM PST

OpenOffice patches 'highly critical' flaw

By Richard Thurston
Special to CNET News.com

Related Stories: Microsoft issues patch for WMF vulnerability
February 14, 2006; Microsoft warns of new Windows security issues
February 7, 2006; Russian hackers hawked Windows exploit for $4,000
February 2, 2006; Allchin: Buy Vista for the security
January 27, 2006

OpenOffice.org has patched a critical vulnerability in the open-source application suite.

The vulnerability concerns the way OpenOffice handles images in the WMF graphics file format. Exploitation of the vulnerability, which affects all but the newest version of OpenOffice, can enable a hacker to perform a buffer overflow and then introduce malicious code to the victim's PC.

Security adviser Secunia rates the vulnerability as "highly critical" and has urged people to patch their systems.

OpenOffice has uploaded the patch to its Web site. People must manually install the file in place of its vulnerable predecessor or upgrade to the latest version of the software, OpenOffice 2.1. Open-source suppliers such as Red Hat have released their own patches.

OpenOffice has become increasingly popular as a free alternative to Microsoft's Office suite. It contains all the standard business applications, including word processing, database and spreadsheet programs.

Although this is the first WMF vulnerability known to exist in OpenOffice, such flaws have been plaguing Windows for some time.

In early 2006, Microsoft acknowledged a critical weakness in the way Windows renders WMF files, leading to the company releasing patches out of cycle. The U.K. parliament was attacked at the time via the vulnerability.

Richard Thurston of ZDNet UK reported from London.

See more CNET content tagged:
OpenOffice, Microsoft Windows Metafile, patch management, flaw, vulnerability

Join the conversation

Inside CNET News

1-2 of 12

Scroll Left Scroll Right

The view from up there: An astronauts' Aurora Borealis (video)
NASA video gives those of us with our feet firmly planted on the ground a look at the Northern Lights from the International Space Station.

Cutting Edge
Samsung Galaxy Note (AT&T)
Gallery
Chinese authorities seize iPads from reseller's shelves
Chinese authorities have reportedly taken iPads from a third-party retailer, a move apparently brought on by Apple's continued refusal to honor a trademark for the iPad name owned by a Chinese manufacturer.

iPhone Atlas
Can prof's algorithm reunite Craigslist Missed Connections?
NY professor believes that a word-based algorithm can help bring together those who believe, with one glimpse, that they have found and lost the love of their lives.

Technically Incorrect
Tips for keeping your browsing private
Video
Consumer electronics spending hits $144B in 2011
People shop more online, are buying tablets and e-readers, and continue to purchase Apple products at an increasing rate, says market researchers.

Digital Media
Ethical manufacturing petition delivered to San Francisco Apple Store
Video
WePay has big 2011, still hopes for 'balls to the wall' 2012
The Silicon Valley online payments startup grew by 1,000 percent last year and is hopeful it can repeat that level of growth this year. To do that, it's had to move away from its early friends-and-family roots and embrace small businesses.

Geek Gestalt
Spray-on antenna: Wireless in a can
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.

Crave
Video game Spacewar reborn at 50 (photos)
Gallery
3D Printer Build Week: Day One
3D printers will come ready-made soon, but what's it like building one of the many DIY kits out there? This week, we find out.

Crave
Engineered carbon gives batteries, ultracaps a boost
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.

Cutting Edge