Red Hat, which had a security issue in its Enterprise Linux versions 5,4 and 3, upgraded its OpenOffice suite to correct the issue regarding security. The site recommended the users to download this major release. Channel Register published this on September 20, 2007. The home page of 2.3 revealed that it contained a large number of enhancements to its main components, and also safeguarded users against new security vulnerabilities. Versions previous to OpenOffice 2.3 were reported of the vulnerabilities and it is possible to fix the problem by upgrading the software to latest version. This is done when the document is hosted on a Website, or sent via e-mail or other mediums. However, for successful exploitation, an attacker should be able to make the target user open a malicious document. As a result, the program code is executed with the rights of the user who had introduced the OpenOffice.Īccording to Secunia published on September 18, 2007, proper exploitation could permit arbitrary code execution and in gaining control of a user's computer system, which described the flaw as extremely grave. So, if the file is loaded, buffer will overflow. A correctly chosen value could cause an integer to overflow at the time of the calculation leading to a very small allocation in comparison to the size of the file. Further, all versions preceding version 2.3 are assumed to be vulnerable too.Īccording to security service provider iDefense, the routines in OpenOffice causing the trouble use entries belonging to the directory of TIFF image in order to calculate the amount of memory for allocation. In the Original Advisory published on September 17, 2007, iDefense Labs had confirmed the existence of flaws in OpenOffice version 2.0.4. OpenOffice is a productivity suite that comes for free and includes a Word processor, drawing program, spreadsheet and formula editor. OpenOffice was found with highly rated critical vulnerability in its products suite that could help hackers access and compromise a user's computer. ‘Critical Vulnerability’ Found in OpenOffice Version 2.0.4
0 Comments
Leave a Reply. |