Slashdot Mirror

← Back to Stories (view on slashdot.org)

Exploitable Buffer Overflow in OpenOffice.org

Posted by timothy on from the doc-should-lose-its-license dept.

Memorize writes "It turns out that OpenOffice.org can't read MS Office documents safely, either. A buffer overflow in OpenOffice.org has been confirmed and would allow an attacker to write a specially-constructed .doc file that will take control over an OpenOffice.org user's machine. This vulnerability is exploitable and it exists on every computer with OpenOffice 1.14 or 2.0b installed. OpenOffice.org will have a fix ready within days, but how quickly will Linux users patch? This paves the way for Linux users to be vulnerable to a virus that spreads by sending itself as email attachments which unsuspecting users then open. Could the first real Linux virus be drawing near?" Not from the sound of it: the article says that users would still have to be convinced "to open a malicious document with an unpatched application."

3 of 64 comments (clear)

  1. Well, this proves it! by El · · Score: 4, Funny

    The OpenOffice developers MUST be copying Microsoft code!

    --

    "Freedom means freedom for everybody" -- Dick Cheney

  2. Re:No real security advisor? by Anonymous Coward · · Score: 1, Funny

    If it attacks the spellchecker, you're safe. :)

  3. How long? by terriblecertainty · · Score: 2, Funny

    OpenOffice.org will have a fix ready within days, but how quickly will Linux users patch?

    However long it takes emerge to finish. Duh.