In a somber reminder that security vulnerabilities can strike anywhere, security experts have discovered a cross-platform vulnerability in OpenOffice.org that could allow remote code execution on Windows, Linux, and MacOS-based computers.
The vulnerability was discovered by researchers at iDefense, who found that OpenOffice version 2.0.4 and earlier versions were susceptible to maliciously crafted TIFF files. OpenOffice version 2.3, which arrived on September 17, 2007, is not affected by this flaw.
"When parsing the TIFF directory entries for certain tags, the parser uses untrusted values from the file to calculate the amount of memory to allocate. By providing specially crafted values, an integer overflow occurs in this calculation. This results in the allocation of a buffer of insufficient size, which in turn leads to a heap overflow," the iDefense team reported last Friday.
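The size calculation the advisory describes, as an added illustration in C (not OpenOffice's code; the struct, function names and sample values are assumptions made for this example). A 32-bit count taken from the directory entry is multiplied by the per-value size, first unchecked and then with overflow and bounds checks:

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified TIFF directory entry for illustration (hypothetical struct). */
struct ifd_entry {
    uint16_t tag;
    uint16_t type;   /* TIFF field type: 1=BYTE 2=ASCII 3=SHORT 4=LONG 5=RATIONAL */
    uint32_t count;  /* number of values, read from the untrusted file */
};

/* Bytes per value for field types 1..5; 0 means "unknown type". */
static uint32_t type_size(uint16_t type) {
    static const uint32_t sizes[] = {0, 1, 1, 2, 4, 8};
    return type < 6 ? sizes[type] : 0;
}

/* Unsafe pattern: the 32-bit product wraps, yielding a size that is too small. */
uint32_t unchecked_alloc_size(const struct ifd_entry *e) {
    return e->count * type_size(e->type);
}

/* Hardened: reject unknown types, products that would wrap, and sizes larger
 * than the bytes remaining in the file. Returns 0 and sets *out on success. */
int checked_alloc_size(const struct ifd_entry *e, size_t bytes_left, size_t *out) {
    uint32_t sz = type_size(e->type);
    if (sz == 0 || e->count == 0) return -1;
    if (e->count > UINT32_MAX / sz) return -1;   /* count * sz would overflow */
    size_t need = (size_t)e->count * sz;
    if (need > bytes_left) return -1;            /* claims more data than exists */
    *out = need;
    return 0;
}

int main(void) {
    /* Constructed sample entry: 0x40000001 LONG values (4 bytes each). */
    struct ifd_entry e = {0x0100, 4, 0x40000001u};
    size_t need = 0;
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_alloc_size(&e));
    printf("checked: %s\n",
           checked_alloc_size(&e, 4096, &need) == 0 ? "accepted" : "rejected");
    return 0;
}
```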
According to TrustDefender co-founder Andreas Baumhof, "This vulnerability allows someone to execute malicious code on your computer. It's an OpenOffice bug, so it doesn't matter what type of operating system you run..."
You can read more about this in OpenOffice's security bulletin, "Manipulated TIFF files can lead to heap overflows and arbitrary code execution."
So there you go: get your OpenOffice upgraded to the latest version as soon as possible.
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.