Open Office patches six flaws

By on
Open Office patches six flaws

A new security update has been released for open source productivity suite OpenOffice.org.

The latest version of the suite includes fixes for six security vulnerabilities, four of which could potentially be exploited for arbitrary code execution. The other two flaws could potentially be used to bypass authentication protections.

OpenOffice.org said that the two authorisation flaws occurred in the libxml2 and libxmlsec components. The flaws left the two libraries unable to properly examine and authorise file signatures.

Among the four remote code execution flaws were vulnerabilities in the handling or XPM and GIF files. The organisation warned that attackers could potentially target vulnerable systems by embedding the attack files within ODF documents.

Another remote code flaw exists in the component used to load Microsoft Word files within OpenOffice.org. The organisation warned that attackers could target the flaw with specially-crafted Word documents.

Also addressed in the update is a fix for a remote code execution vulnerability in the MSVC Runtime component bundled with the suite. The organisation said that while OpenOffice.org itself was not vulnerable to attack, the component could be targeted through other applications.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
code component execution files flaws security suite

Partner Content

Ingram Micro Ushers in the Age of Ultra
Ingram Micro Ushers in the Age of Ultra
Tech For Good program gives purpose and strong business outcomes
Tech For Good program gives purpose and strong business outcomes
Kaseya Dattocon APAC 2024 is Back
Kaseya Dattocon APAC 2024 is Back
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Channel can help lead customers to boosting workplace wellbeing with professional headsets
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program

Sponsored Whitepapers

F5’s 2025 Report: Unlocking AI Success by Conquering App & API Complexity
F5’s 2025 Report: Unlocking AI Success by Conquering App & API Complexity
Driving Innovation and Sustainability through Hybrid IT and AI Solutions
Driving Innovation and Sustainability through Hybrid IT and AI Solutions
Easing the burden of Microsoft CSP management
Easing the burden of Microsoft CSP management
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
The Cybersecurity Playbook for Partners in Asia Pacific and Japan

Events

techpartner.news Channel Leader List / Golf day
techpartner.news Channel Leader List / Golf day
techpartner.news Pipeline Conference 2025
techpartner.news Pipeline Conference 2025
Integrate Expo 2025
Integrate Expo 2025
Security Exhibition & Conference 2025
Security Exhibition & Conference 2025
techpartner.news Benchmark Security Awards 2025
techpartner.news Benchmark Security Awards 2025

Most read articles

NEXTGEN "realigns" structure, announces senior promotions, plans vendor consolidation

NEXTGEN "realigns" structure, announces senior promotions, plans vendor consolidation
Ingram Micro "grateful" for customers' support during cybersecurity incident

Ingram Micro "grateful" for customers' support during cybersecurity incident
The Aussie startup building an integration platform for MSPs and SIs

The Aussie startup building an integration platform for MSPs and SIs
Atturra's FY25 revenue to exceed $300m

Atturra's FY25 revenue to exceed $300m

Log in

Email:
Password:
  |  Forgot your password?