Patch issued for OpenOffice.org WMF vulnerability
- 05 January, 2007 09:46
- Comments
A patch has been widely released for a vulnerability in the OpenOffice.org productivity suite, a problem rated as "highly critical" by one security vendor.
The flaw could be exploited by creating a malicious file in the Windows Metafile (WMF) or Enhanced Metafile (EMF) formats. If the file was opened by a user, it could start running unauthorized code on a computer, according to an advisory by Linux distribution vendor Red Hat Inc. which offers the OpenOffice suite with several of its products.
OpenOffice.org is a free software suite that includes a word processor, spreadsheet and a presentation program. It's a competitor to Microsoft's Office suite, although it's not as widely used.
OpenOffice.org has published a patch, which in turn is being distributed by Red Hat.
The problem was first reported in October, but the vendors who distribute OpenOffice -- who often work together on security issues -- opted not to issue the patch until OpenOffice.org acknowledged earlier this week it was a security issue, said Mark Cox [cq], director of Red Hat's Security Response Team.
No public exploits or even proof-of-concept code has been discovered, he added.
Red Hat rated the flaw as only "important" since a user would have to open a malicious file, Cox said. Red Hat users will either receive an update automatically or notification to upgrade their software, he added.
Secunia ApS, however, rated the vulnerability as "highly critical," a rank of "four" on a five-number scale of increasing severity.
The WMF format proved problematic for OpenOffice.org's rival in 2006. After pressure from its customers, Microsoft issued an out-of-cycle patch early last year for its operating systems after widespread attempts to exploit a WMF vulnerability. The flaw -- one of the top security problems of 2006 -- also left Windows systems vulnerable to running code if a malicious WMF was opened.
- Bookmark this page
- Share this article
- Got more on this story? Email Computerworld
- Follow Computerworld on twitter
- Customer Case Study: Yarra Valley Water Turns to Enterprise Software to Improve Information Flow
- Enterprise Buyers Guide for Printers
- FTP Replacement: Where MFT Makes Sense and Why You Should Care
- Managing Private and Hybrid Clouds for Data Storage
- Best Practices for Energy Efficient Storage Operations Version 1.0
-
Customer service still dogs Telstra
-
Customer service still dogs Telstra
-
Foxtel subscriber base grows
-
Obama's H-1B answer in forum may haunt him
-
NBN a pie in the sky: Morgan
-
Windows 7 for Dummies®
-
Teach Yourself Visually Windows 7
-
Windows 7 for Seniors for Dummies®
-
Windows 7 for Dummies® Dvd+book Bundle
-
MYOB Software for Dummies 6E Australian Edition
-
Office 2007 for Dummies
-
Computers for Seniors for Dummies, 2nd Edition
-
Microsoft Office
-
Excel 2007 All-In-One Desk Reference for Dummies












Comments
Post new comment