Dr. Strangelove
07-07-2006, 05:41 AM
From today's SANS NewsBites Vol. 8 Num. 53
WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
--OpenOffice Update Addresses Three Flaws
(3 July 2006)
A recently released OpenOffice update addresses three security flaws.
The first could allow Java applets to escape the "sandbox" where they
can execute without fear of harming the computer; the second could allow
macros to execute even if the user has disabled that function; and the
third could allow malicious code onto systems through a buffer overflow
in XML file format parsing. The flaws affect versions 1.1.x and 2.0.x;
OpenOffice version 2.0.3 addresses the problems, and a patch for 1.1.x
is expected to be released soon. The flaws also affect StarOffice/Star
Suite 8.x and 7.x and StarOffice 6.x; patches are available. The flaws
were discovered during internal audits and there are no known exploits.
http://www.desktoppipeline.com/showArticle.jhtml?articleID=190200011
http://www.theregister.co.uk/2006/07/03/openoffice_security_bug_fix/print.html
Doc
WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
--OpenOffice Update Addresses Three Flaws
(3 July 2006)
A recently released OpenOffice update addresses three security flaws.
The first could allow Java applets to escape the "sandbox" where they
can execute without fear of harming the computer; the second could allow
macros to execute even if the user has disabled that function; and the
third could allow malicious code onto systems through a buffer overflow
in XML file format parsing. The flaws affect versions 1.1.x and 2.0.x;
OpenOffice version 2.0.3 addresses the problems, and a patch for 1.1.x
is expected to be released soon. The flaws also affect StarOffice/Star
Suite 8.x and 7.x and StarOffice 6.x; patches are available. The flaws
were discovered during internal audits and there are no known exploits.
http://www.desktoppipeline.com/showArticle.jhtml?articleID=190200011
http://www.theregister.co.uk/2006/07/03/openoffice_security_bug_fix/print.html
Doc