Site Statistics
 
Threads: 3,995
Posts: 17,462
Members: 2,981
Users Online: 16
Newest Member: accobra


Go Back   PC101 > Computer Related Forums > Software > UNIX / Linux
Reload this Page Patch issued for OpenOffice.org WMF vulnerability

UNIX / Linux Linux is the UNIX-like operating system that provides personal computer users a FREE or very low-cost operating system.


Reply
 
LinkBack Thread Tools Display Modes
Old 01-04-2007, 06:35 PM   #1
Winged Messenger
 
Mercury's Avatar
 
Join Date: Dec 2006
Posts: 321
Rep Power: 2 Mercury is on a distinguished road
Post Patch issued for OpenOffice.org WMF vulnerability
Patch issued for OpenOffice.org WMF vulnerability
Flaw could enable unauthorized code to run on a targeted computer

January 04, 2007 (IDG News Service) -- A patch has been released for a vulnerability in the OpenOffice.org productivity suite, a problem rated as "highly critical" by one security vendor.

The flaw could be exploited by creating a malicious file in the Windows Metafile (WMF) or Enhanced Metafile formats. If the file was opened by a user, it could start running unauthorized code on a computer, according to an advisory by Linux distribution vendor Red Hat Inc., which offers the OpenOffice suite with several of its products.

OpenOffice.org is a free software suite that includes a word processor, spreadsheet and presentation program. It's a competitor to Microsoft Corp.'s Office suite, although it's not as widely used.

OpenOffice.org has publisheda patch, which in turn is being distributed by Red Hat.

The problem was first reported in October, but the vendors that distribute OpenOffice and often work together on security issues chose not to issue the patch until OpenOffice.org acknowledged earlier this week that it was a security issue, said Mark Cox, director of Red Hat's Security Response Team.

No public exploits or even proof-of-concept code has been discovered, he added.

Red Hat rated the flaw as "important," since a user would have to open a malicious file, Cox said. Red Hat users will either receive an update automatically or notification to upgrade their software, he added.

Secunia ApS, however, rated the vulnerability as "highly critical," a rank of four on a five-number scale of increasing severity.

The WMF format proved problematic for OpenOffice.org's rival in 2006. After pressure from its customers, Microsoft issued an out-of-cycle patch early last year for its operating systems after widespread attempts to exploit a WMF vulnerability. The flaw -- one of the top security problems of 2006 -- also left Windows systems vulnerable to running code if a malicious WMF was opened.

More...
Last edited by Lyte; 01-04-2007 at 07:58 PM.
Mercury is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« Ever wonder how Red Hat got its name? | 3Com looks to Linux for applications capability »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Patch Tuesday to be a half-day Lyte PC Security 0 01-07-2007 04:59 PM
Adobe: Users should upgrade Reader, Acrobat to mitigate vulnerability Lyte PC Security 0 01-07-2007 04:59 PM
Major Windows Hole - Patch Now Lyte PC & Tech Related News, Events and More! 0 08-11-2006 05:49 PM
Microsoft Patch Tuesday Cleans Up IE aleeonline PC Security 0 04-17-2006 02:43 PM
Trojan circulates as fake McAfee patch aleeonline PC Security 0 04-17-2006 02:41 PM



All times are GMT -5. The time now is 08:35 PM.

Powered by vBulletin Version 3.7.0
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.2.0 RC5


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30