Alert Number: 042108-01
Alert Date: 04/21/08
Alert Title: OpenOffice Vulnerabilities disclosed
Update-to: None.
OS/Platform/Application:
OpenOffice all versions older than 2.4
(on all supported systems)
Category: ALERT
Severity: MEDIUM
Attention: OpenOffice users, System Administrators, Desktop Support Personnel
Summary: Multiple Internet security resources are currently reporting the existence of four security vulnerabilities in Sun Microsystems' popular OpenOffice productivity suite. The most likely mechanism of exploitation for these vulnerabilities is the opening of maliciously-crafted files or documents. Successful exploitation of a vulnerable computer could result in a range of unfavorable outcomes including program/system crash and complete system takeover.
Recommended Actions: OpenOffice version 2.4 (originally released in March 2008) addresses these vulnerabilities. OpenOffice users and system administrators/support personnel who are not currently using version 2.4 are encouraged to read the security advisories (safe links provided below) and install the latest version of this software as soon as possible.
Readers are encouraged to share this alert with family, friends, and associates who may use OpenOffice on their home PCs.
ITS Actions: N/A
Resources:
FrSIRT Advisory:
http://www.frsirt.com/english/advisories/2008/1253
OpenOffice Security Team bulletin:
http://www.openoffice.org/security/bulletin.html
OpenOffice download page:
http://download.openoffice.org/index.html
