Security
Subscribe to this site with RSS
Patch issued for OpenOffice.org WMF vulnerability
A patch has been widely released for a vulnerability in the OpenOffice.org productivity suite, a problem rated as "highly critical" by one security vendor.
Related links
No results were found for your search.
Your query is too restrictive.
You might want to try: security
Story tools
Sponsored by:
E-Mail article
|
|
Print article
|
|
Contact author
|
|
AIM article
|
del.icio.us |
Reddit
|
Digg
|
Stumble
|
Slashdot It!
|
The flaw could be exploited by creating a malicious file in the Windows Metafile (WMF) or Enhanced Metafile (EMF) formats. If the file was opened by a user, it could start running unauthorized code on a computer, according to an advisory by Linux distribution vendor Red Hat, which offers the OpenOffice suite with several of its products.
OpenOffice.org is a free software suite that includes a word processor, spreadsheet and a presentation program. It's a competitor to Microsoft's Office suite, although it's not as widely used.
OpenOffice.org has published a patch, which in turn is being distributed by Red Hat.
The problem was first reported in October, but the vendors who distribute OpenOffice - who often work together on security issues - opted not to issue the patch until OpenOffice.org acknowledged earlier this week it was a security issue, said Mark Cox, director of Red Hat's Security Response Team.
No public exploits or even proof-of-concept code has been discovered, he added.
Red Hat rated the flaw as only "important" since a user would have to open a malicious file, Cox said. Red Hat users will either receive an update automatically or notification to upgrade their software, he added.
Secunia, however, rated the vulnerability as "highly critical," a rank of "four" on a five-number scale of increasing severity.
The WMF format proved problematic for OpenOffice.org's rival in 2006. After pressure from its customers, Microsoft issued an out-of-cycle patch early last year for its operating systems after widespread attempts to exploit a WMF vulnerability. The flaw - one of the top security problems of 2006 - also left Windows systems vulnerable to running code if a malicious WMF was opened.
The IDG News Service is a Network World affiliate.
| Use this form to start a public discussion with other Linux World users on this article. Log In | Register for an account (Why you should) |
Note: Register to have your user name appear; otherwise your comment will show up as "Anonymous."
*Anonymous comments will only appear once they are approved by the moderator.
• SCO CEO takes the witness stand
• Linux visionary convicted of murder
• Ubuntu releases Hardy Heron
• Computer experts protest Microsoft OOXML
• US software lock-ins harm local bidders
LugRadio Live USA San Francisco, April 12-13 2008.
Nerdapalooza Orlando, Florida, July 4-5 2008.
LinuxWorld Conference and Expo San Francisco, August 4-7, 2008.
Featured Whitepapers
| The Fanatical Support Promise: Our Commitment to You - Rackspace | Webcast: Enterprise Linux Support - Oracle |