Watch out, update ASAP if you have not already!
OpenOffice.org has released a patch for three security vulnerabilities in its popular open-source office software suite.
Maliciously crafted Java applets can break out of the sandbox (the security mechanism that runs untrusted code) in OpenOffice versions 1.1.x and 2.0.x, the company said in a bulletin last week. This could give the malicious software full access to systems, allowing it to read or send private data, and destroy or replace files.
The second hole enables hackers to inject executable code into OpenOffice documents using a macro, which runs when that document is opened. The user is not asked or notified, and the macro has full access to system resources with the current user's privileges, again enabling it to read or send private data, and to destroy or replace files.
A buffer overflow vulnerability has also been discovered by Wade Alcorn of NGSSoftware. The buffer overflow can cause a memory overload and program crash that enables a hacker to attack the affected system.
People can protect their systems from the first vulnerability by disabling support for Java applets within OpenOffice. There are no work-arounds for the macro and buffer overflow vulnerabilities.
Read the full story here.