The Security Side of OpenOffice.org 3.2
Article by George Norman
On 16 Feb 2010
The final version of OpenOffice.org 3.2 has been released to the public earlier this month. The free alternative to Microsoft’s Office productivity suite comes with new and improved features and functionality, provides better compatibility with other office software, offers 46% faster “cold start’ times for Calc and Writer, fixes bugs and plugs security holes.

Speaking of security holes, here are the security holes that OpenOffice.org 3.2 plugs: Title: Potential vulnerability related to MS-Word document processing
Description: A security vulnerability in OpenOffice.org, related to Word document processing, may allow a remote unprivileged user to execute arbitrary code on the system with the privileges of a local user running OpenOffice.org, if the local user opens a crafted Word document provided by the remote user.
Affected software: All OpenOffice.org versions except 3.2
Credit: Nicolas Joly, VUPEN Vulnerability Research Team.

Title: Potential vulnerability related to GIF file processing
Description: A security vulnerability in OpenOffice.org, related to GIF file processing, may allow a remote unprivileged user to execute arbitrary code on the system with the privileges of a local user running OpenOffice.org, if the local user opens a crafted GIF file provided by the remote user. GIF files can also be embedded in different kind of documents, including documents in the OpenDocument Format (ODF), the default format used by OpenOffice.org.
Affected software: All OpenOffice.org versions except 3.2
Credit: Frank Reißner and Sebastian Apelt from siberas

Title: Potential vulnerability related to XPM file processing
Description: A security vulnerability in OpenOffice.org, related to XPM file processing, may allow a remote unprivileged user to execute arbitrary code on the system with the privileges of a local user running OpenOffice.org, if the local user opens a crafted XPM file provided by the remote user. XPM files can also be embedded in different kind of documents, including documents in the OpenDocument Format (ODF), the default format used by OpenOffice.org.
Affected software: All OpenOffice.org versions except 3.2
Credit: Sebastian Apelt from siberas Title: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime
Description: OpenOffice.org 3 for Windows ships with a vulnerable version of the MSVC Runtime. OpenOffice.org is not affected by the security issue, but centrally installs the vulnerable MSVC Runtime if it didn't exist on the system before. The vulnerable version should be updated automatically by the monthly Windows updates, but newer versions of OpenOffice.org also come with the updated MSVC Runtime.
Affected software: All OpenOffice.org for Windows versions except 3.2. OpenOffice.org 2 and OpenOffice.org 1.1 are not affected.

Title: Potential vulnerability from 3rd party libxmlsec libraries
Description: OpenOffice.org 2 and 3 ship with 3rd party libraries affected by the XML signature HMAC truncation authentication bypass issue documented here.
Affected software: All OpenOffice.org 2 versions; all OpenOffice.org 3 versions except 3.2 Title: Potential vulnerability from 3rd party libxml2 libraries
Description: OpenOffice.org 2 and 3 might fail to handle signatures properly due to the use of a 3rd party library known for having the issue described here.
Affected software: All OpenOffice.org 2 versions; all OpenOffice.org 3 versions except 3.2

Advertising

If you are currently using OpenOffice.org 3, then you should upgrade to version 3.2 and take advantage of all the new and improved features as well as the enhanced level of security. Speaking of features and functionality, here are the other bits and pieces you can expect to get from OpenOffice 3.2:
  • - Faster start up times
  • - Improved compatibility with open standard (ODF) and proprietary file formats
  • - Improvements to all components, particularly the Calc spreadsheet, with over a dozen new or enhanced features
  • - The Chart module (usable throughout OpenOffice.org) has had a usability makeover as well as offering new chart types

You can download OpenOffice.org 3.2 here.




Tags: OpenOffice.org, OpenOffice.org 3.2, Security
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
By George Norman on 31 May 2017
Having lots of devices connected to your network and the internet isn't a problem, as long as you keep the bad guys out of the picture. That’s crucial, because they'll exploit any vulnerability that they can find.
By George Norman on 17 Jul 2017
If you want top notch protection for your Windows computer, you can’t go wrong by getting something developed by the internationally renowned security company Kaspersky Lab. The problem is that…
By George Norman on 26 Jul 2017
Top-notch real-time protection against viruses doesn’t have to cost money, not if you go with the recently introduced Kaspersky Free antivirus solution. It may not come with a lot of bells and whistles, but it nicely covers all the basics and...
By George Norman on 31 Jul 2017
Are people taking better care of their passwords, or have their password habits changed for the worse? To get an answer to that question, data loss prevention software company Digital Guardian surveyed a thousand people about their password security habits and found that...
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
The Security Side of OpenOffice.org 3.2
HTML Linking Code