The Security Side of OpenOffice.org 3.2

Article by George Norman (Cybersecurity Editor)

on 16 Feb 2010

The final version of OpenOffice.org 3.2 has been released to the public earlier this month. The free alternative to Microsoft’s Office productivity suite comes with new and improved features and functionality, provides better compatibility with other office software, offers 46% faster “cold start’ times for Calc and Writer, fixes bugs and plugs security holes.

Speaking of security holes, here are the security holes that OpenOffice.org 3.2 plugs: Title: Potential vulnerability related to MS-Word document processing
Description: A security vulnerability in OpenOffice.org, related to Word document processing, may allow a remote unprivileged user to execute arbitrary code on the system with the privileges of a local user running OpenOffice.org, if the local user opens a crafted Word document provided by the remote user.
Affected software: All OpenOffice.org versions except 3.2
Credit: Nicolas Joly, VUPEN Vulnerability Research Team.

Title: Potential vulnerability related to GIF file processing
Description: A security vulnerability in OpenOffice.org, related to GIF file processing, may allow a remote unprivileged user to execute arbitrary code on the system with the privileges of a local user running OpenOffice.org, if the local user opens a crafted GIF file provided by the remote user. GIF files can also be embedded in different kind of documents, including documents in the OpenDocument Format (ODF), the default format used by OpenOffice.org.
Affected software: All OpenOffice.org versions except 3.2
Credit: Frank Reißner and Sebastian Apelt from siberas

Title: Potential vulnerability related to XPM file processing
Description: A security vulnerability in OpenOffice.org, related to XPM file processing, may allow a remote unprivileged user to execute arbitrary code on the system with the privileges of a local user running OpenOffice.org, if the local user opens a crafted XPM file provided by the remote user. XPM files can also be embedded in different kind of documents, including documents in the OpenDocument Format (ODF), the default format used by OpenOffice.org.
Affected software: All OpenOffice.org versions except 3.2
Credit: Sebastian Apelt from siberas Title: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime
Description: OpenOffice.org 3 for Windows ships with a vulnerable version of the MSVC Runtime. OpenOffice.org is not affected by the security issue, but centrally installs the vulnerable MSVC Runtime if it didn't exist on the system before. The vulnerable version should be updated automatically by the monthly Windows updates, but newer versions of OpenOffice.org also come with the updated MSVC Runtime.
Affected software: All OpenOffice.org for Windows versions except 3.2. OpenOffice.org 2 and OpenOffice.org 1.1 are not affected.

Title: Potential vulnerability from 3rd party libxmlsec libraries
Description: OpenOffice.org 2 and 3 ship with 3rd party libraries affected by the XML signature HMAC truncation authentication bypass issue documented here.
Affected software: All OpenOffice.org 2 versions; all OpenOffice.org 3 versions except 3.2 Title: Potential vulnerability from 3rd party libxml2 libraries
Description: OpenOffice.org 2 and 3 might fail to handle signatures properly due to the use of a 3rd party library known for having the issue described here.
Affected software: All OpenOffice.org 2 versions; all OpenOffice.org 3 versions except 3.2

If you are currently using OpenOffice.org 3, then you should upgrade to version 3.2 and take advantage of all the new and improved features as well as the enhanced level of security. Speaking of features and functionality, here are the other bits and pieces you can expect to get from OpenOffice 3.2:
  • - Faster start up times
  • - Improved compatibility with open standard (ODF) and proprietary file formats
  • - Improvements to all components, particularly the Calc spreadsheet, with over a dozen new or enhanced features
  • - The Chart module (usable throughout OpenOffice.org) has had a usability makeover as well as offering new chart types

You can download OpenOffice.org 3.2 here.



Latest News


Sony's 'Attack of the Blockbusters Sale' Slashes Prices in Half for a Ton of PS4 Games

17 Aug 2017

How Samsung's New T5 Compares to the Old T3 Portable SSD (Infographic)

17 Aug 2017

See all