Alert Number: 120607-01
Alert Date: 12/06/07
Alert Title: Vulnerability in OpenOffice
Update-to: None
OS/Platform/Application:
OpenOffice.org suite version <2.3.1
OpenOffice HSQLDB version <1.8.0.9
Category: ALERT
Severity: HIGH
Attention: System Administrators, Desktop Support Personnel, OpenOffice Users
Summary: Internet security agencies are currently reporting a vulnerability in HSQLDB, the default database engine component of OpenOffice.org. A likely exploit vector for this vulnerability is the opening of a specially crafted database document. At least one agency rates this vulnerability as "highly critical". An updated version of OpenOffice.org that includes a new version of HSQLDB is available from the vendor to address this vulnerability.
Recommended Actions: Persons who manage, maintain or use OpenOffice.org are encouraged to read the update information (including any associated caveats, system requirements, etc.) and, if appropriate, apply the upgrade immediately per the instructions provided by the vendor.
Readers are encouraged to share this alert with family, friends, and associates who may use OpenOffice on their home PCs.
ITS Actions: At this time, ITS is taking no specific additional actions to address this software update release.
Resources:
OpenOffice security advisory:
http://www.openoffice.org/security/cves/CVE-2007-4575.html
Secunia Advisory:
http://secunia.com/advisories/27928/
OpenOffice.org download page:
http://www.openoffice.org/index.html