The Security Side of OpenOffice.org 3.2
The final version of OpenOffice.org 3.2 has been released to the public earlier this month. The free alternative to Microsoft’s Office productivity suite comes with new and improved features and functionality, provides better compatibility with other office software, offers 46% faster “cold start’ times for Calc and Writer, fixes bugs and plugs security holes.
Speaking of security holes, here are the security holes that OpenOffice.org 3.2 plugs: Title: Potential vulnerability related to MS-Word document processing
Description: A security vulnerability in OpenOffice.org, related to Word document processing, may allow a remote unprivileged user to execute arbitrary code on the system with the privileges of a local user running OpenOffice.org, if the local user opens a crafted Word document provided by the remote user.
Affected software: All OpenOffice.org versions except 3.2
Credit: Nicolas Joly, VUPEN Vulnerability Research Team.
Title: Potential vulnerability related to GIF file processing
Description: A security vulnerability in OpenOffice.org, related to GIF file processing, may allow a remote unprivileged user to execute arbitrary code on the system with the privileges of a local user running OpenOffice.org, if the local user opens a crafted GIF file provided by the remote user. GIF files can also be embedded in different kind of documents, including documents in the OpenDocument Format (ODF), the default format used by OpenOffice.org.
Affected software: All OpenOffice.org versions except 3.2
Credit: Frank Reißner and Sebastian Apelt from siberas
Title: Potential vulnerability related to XPM file processing
Description: A security vulnerability in OpenOffice.org, related to XPM file processing, may allow a remote unprivileged user to execute arbitrary code on the system with the privileges of a local user running OpenOffice.org, if the local user opens a crafted XPM file provided by the remote user. XPM files can also be embedded in different kind of documents, including documents in the OpenDocument Format (ODF), the default format used by OpenOffice.org.
Affected software: All OpenOffice.org versions except 3.2
Credit: Sebastian Apelt from siberas Title: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime
Description: OpenOffice.org 3 for Windows ships with a vulnerable version of the MSVC Runtime. OpenOffice.org is not affected by the security issue, but centrally installs the vulnerable MSVC Runtime if it didn't exist on the system before. The vulnerable version should be updated automatically by the monthly Windows updates, but newer versions of OpenOffice.org also come with the updated MSVC Runtime.
Affected software: All OpenOffice.org for Windows versions except 3.2. OpenOffice.org 2 and OpenOffice.org 1.1 are not affected.
Title: Potential vulnerability from 3rd party libxmlsec libraries
Description: OpenOffice.org 2 and 3 ship with 3rd party libraries affected by the XML signature HMAC truncation authentication bypass issue documented here.
Affected software: All OpenOffice.org 2 versions; all OpenOffice.org 3 versions except 3.2 Title: Potential vulnerability from 3rd party libxml2 libraries
Description: OpenOffice.org 2 and 3 might fail to handle signatures properly due to the use of a 3rd party library known for having the issue described here.
Affected software: All OpenOffice.org 2 versions; all OpenOffice.org 3 versions except 3.2
If you are currently using OpenOffice.org 3, then you should upgrade to version 3.2 and take advantage of all the new and improved features as well as the enhanced level of security. Speaking of features and functionality, here are the other bits and pieces you can expect to get from OpenOffice 3.2:
You can download OpenOffice.org 3.2 here.
Tags: OpenOffice.org, OpenOffice.org 3.2, Security
Speaking of security holes, here are the security holes that OpenOffice.org 3.2 plugs: Title: Potential vulnerability related to MS-Word document processing
Description: A security vulnerability in OpenOffice.org, related to Word document processing, may allow a remote unprivileged user to execute arbitrary code on the system with the privileges of a local user running OpenOffice.org, if the local user opens a crafted Word document provided by the remote user.
Affected software: All OpenOffice.org versions except 3.2
Credit: Nicolas Joly, VUPEN Vulnerability Research Team.
Title: Potential vulnerability related to GIF file processing
Description: A security vulnerability in OpenOffice.org, related to GIF file processing, may allow a remote unprivileged user to execute arbitrary code on the system with the privileges of a local user running OpenOffice.org, if the local user opens a crafted GIF file provided by the remote user. GIF files can also be embedded in different kind of documents, including documents in the OpenDocument Format (ODF), the default format used by OpenOffice.org.
Affected software: All OpenOffice.org versions except 3.2
Credit: Frank Reißner and Sebastian Apelt from siberas
Title: Potential vulnerability related to XPM file processing
Description: A security vulnerability in OpenOffice.org, related to XPM file processing, may allow a remote unprivileged user to execute arbitrary code on the system with the privileges of a local user running OpenOffice.org, if the local user opens a crafted XPM file provided by the remote user. XPM files can also be embedded in different kind of documents, including documents in the OpenDocument Format (ODF), the default format used by OpenOffice.org.
Affected software: All OpenOffice.org versions except 3.2
Credit: Sebastian Apelt from siberas Title: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime
Description: OpenOffice.org 3 for Windows ships with a vulnerable version of the MSVC Runtime. OpenOffice.org is not affected by the security issue, but centrally installs the vulnerable MSVC Runtime if it didn't exist on the system before. The vulnerable version should be updated automatically by the monthly Windows updates, but newer versions of OpenOffice.org also come with the updated MSVC Runtime.
Affected software: All OpenOffice.org for Windows versions except 3.2. OpenOffice.org 2 and OpenOffice.org 1.1 are not affected.
Title: Potential vulnerability from 3rd party libxmlsec libraries
Description: OpenOffice.org 2 and 3 ship with 3rd party libraries affected by the XML signature HMAC truncation authentication bypass issue documented here.
Affected software: All OpenOffice.org 2 versions; all OpenOffice.org 3 versions except 3.2 Title: Potential vulnerability from 3rd party libxml2 libraries
Description: OpenOffice.org 2 and 3 might fail to handle signatures properly due to the use of a 3rd party library known for having the issue described here.
Affected software: All OpenOffice.org 2 versions; all OpenOffice.org 3 versions except 3.2
Advertising
If you are currently using OpenOffice.org 3, then you should upgrade to version 3.2 and take advantage of all the new and improved features as well as the enhanced level of security. Speaking of features and functionality, here are the other bits and pieces you can expect to get from OpenOffice 3.2:
- - Faster start up times
- - Improved compatibility with open standard (ODF) and proprietary file formats
- - Improvements to all components, particularly the Calc spreadsheet, with over a dozen new or enhanced features
- - The Chart module (usable throughout OpenOffice.org) has had a usability makeover as well as offering new chart types
You can download OpenOffice.org 3.2 here.
Tags: OpenOffice.org, OpenOffice.org 3.2, Security
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 28 May 2012
Mozilla introduced a new program meant to educate millions of people, the Mozilla Webmaker program.
By George Norman on 26 May 2012
Piriform updated its products, making CCleaner less annoying and Defraggler a lot faster.Related News
By George Norman on 05 Jan 2012
This is proof that there are a lot of threats on the web and the perfect example of why you should use a properly good security solution to secure your data against viruses and other malware
By George Norman on 15 Feb 2012
Security oriented people who don’t want to take the risk that someone is snooping on their web traffic will remember that back in March 2011 Twitter announced that it added a setting that
By George Norman on 20 Feb 2012
After announcing that it turned on HTTPS for everyone, the team behind the popular micro-blogging and social networking site announced that the new Twitter.com website is now available to everyone.
By George Norman on 02 Dec 2011
The topic of computer security came up just the other day when I was out with friends. One said he relies on Kaspersky because it’s a properly good security solution, another said he relies on BitDefender becauseAdvertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
The Security Side of OpenOffice.org 3.2
HTML Linking Code
HTML Linking Code