OpenOffice.org all versions older than version 2.4.1

Category: ALERT
Severity: MEDIUM
Attention: OpenOffice Users, System Administrators, Desktop Support Personnel.

Summary: Sun Microsystems has released version 2.4.1 of its popular OpenOffice.org productivity suite.  OpenOffice.org 2.4.1 includes a number of functional enhancements as well as a patch for a security vulnerability that could (if exploited) result in a range of unfavorable outcomes including application crash and complete system takeover.  The most likely mechanism of exploit would be the handling of a maliciously-crafted file or document.

Recommended Actions:  OpenOffice.org users and persons who support or administrate computer systems running OpenOffice.org are encouraged to read the security advisory information (safe links provided below) and update their software to the latest version at their earliest convenience.

Readers are encouraged to share this alert with family, friends, and associates.

ITS Actions: N/A

Resources:

OpenOffice.org advisory:
http://www.openoffice.org/security/cves/CVE-2008-2152.html

Secunia Advisory:
http://secunia.com/advisories/30599/

FrSIRT Advisory:
http://www.frsirt.com/english/advisories/2008/1773

OpenOffice.org download page:
http://download.openoffice.org/index.html