Security Flaw Confirmed in OpenOffice
The makers of the OpenOffice.org productivity suite confirmed late Tuesday that a buffer overflow flaw does indeed exist in both the latest stable and beta versions of the software. The issue could potentially make its users vulnerable to code execution attacks.
Community manager, Louis Suarez-Potts, confirmed to eWeek Tuesday that the flaw did indeed exist and said it was caused when the program handles a specially written .doc file. "We learned of this March 31 and will be working on it immediately. A patch is ready but it is still going through [quality assurance] testing," he said.
Security firm Secunia calls the flaw "moderately critical," because while the bug is serious enough to cause compromising of data, it requires the user perform a certain set of actions in order for it to occur.
Suarez-Potts says a fix for the problem will likely be made available by the end of this week.
OpenOffice.org is an open source productivity suite that offers a word processor, spreadsheet, presentation software and a drawing program. The project began with code from the StarOffice suite and is supported by Sun Microsystems.