January 5, 2007 7:23 AM PST

OpenOffice patches 'highly critical' flaw

OpenOffice.org has patched a critical vulnerability in the open-source application suite.

The vulnerability concerns the way OpenOffice handles images in the WMF graphics file format. Exploitation of the vulnerability, which affects all but the newest version of OpenOffice, can enable a hacker to perform a buffer overflow and then introduce malicious code to the victim's PC.

Security adviser Secunia rates the vulnerability as "highly critical" and has urged people to patch their systems.

OpenOffice has uploaded the patch to its Web site. People must manually install the file in place of its vulnerable predecessor or upgrade to the latest version of the software, OpenOffice 2.1. Open-source suppliers such as Red Hat have released their own patches.

OpenOffice has become increasingly popular as a free alternative to Microsoft's Office suite. It contains all the standard business applications, including word processing, database and spreadsheet programs.

Although this is the first WMF vulnerability known to exist in OpenOffice, such flaws have been plaguing Windows for some time.

In early 2006, Microsoft acknowledged a critical weakness in the way Windows renders WMF files, leading to the company releasing patches out of cycle. The U.K. parliament was attacked at the time via the vulnerability.

Richard Thurston of ZDNet UK reported from London.

See more CNET content tagged:
OpenOffice, Microsoft Windows Metafile, patch management, flaw, vulnerability

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.