OpenOffice patches 'highly critical' flaw

[Lyte]

OpenOffice patches 'highly critical' flaw
By Richard Thurston, ZDNet (UK)
Published on ZDNet News: January 5, 2007, 7:23 AM PT

OpenOffice.org has patched a critical vulnerability in the open-source application suite.

The vulnerability concerns the way OpenOffice handles images in the WMF graphics file format. Exploitation of the vulnerability, which affects all but the newest version of OpenOffice, can enable a hacker to perform a buffer overflow and then introduce malicious code to the victim's PC.

Security adviser Secunia rates the vulnerability as "highly critical" and has urged people to patch their systems.

OpenOffice has uploaded the patch to its Web site. People must manually install the file in place of its vulnerable predecessor or upgrade to the latest version of the software, OpenOffice 2.1. Open-source suppliers such as Red Hat have released their own patches.

More...