OS/Platform/Application:

OpenOffice all versions older than v2.42

NOTE OpenOffice version 3.0 is NOT affected by these vulnerabilities

Category: ALERT
Severity: Medium
Attention: OpenOffice Version 2.x users, System Administrators, Desktop Support Personnel.

Summary: OpenOffice.org has released version 2.42 of its popular OpenOffice productivity suite.  OpenOffice 2.42 includes fixes for two vulnerabilities.  The vulnerabilities are related to the handing of certain Windows media files.  According to the vendor, "No working exploit is known right now".

NOTE: The latest version of OpenOffice is version 3.0; this version is not vulnerable to these issues. 

Recommended Actions:  OpenOffice version 2.x users and support personnel are encouraged to read the bulletins and apply the update as soon as possible -or- to consider updating to OpenOffice 3.0

Readers are encouraged to share this alert with family, friends, and associates.

ITS Actions: N/A

Resources:

OpenOffice.org Advisories:
http://www.openoffice.org/security/cves/CVE-2008-2237.html

http://www.openoffice.org/security/cves/CVE-2008-2238.html

OpenOffice.org download page (NOTE defaults to 3.0):
http://download.openoffice.org/