Exploitable Buffer Overflow in OpenOffice.org

Memorize writes "It turns out that OpenOffice.org can't read MS Office documents safely, either. A buffer overflow in OpenOffice.org has been confirmed and would allow an attacker to write a specially-constructed .doc file that will take control over an OpenOffice.org user's machine. This vulnerability is exploitable and it exists on every computer with OpenOffice 1.14 or 2.0b installed. OpenOffice.org will have a fix ready within days, but how quickly will Linux users patch? This paves the way for Linux users to be vulnerable to a virus that spreads by sending itself as email attachments which unsuspecting users then open. Could the first real Linux virus be drawing near?" Not from the sound of it: the article says that users would still have to be convinced "to open a malicious document with an unpatched application."

Re:A security hole by any other name...

[0x461FAB0BD7D2]

Perhaps, more interestingly, Linux users would be more willing to open malicious documents convinced that viruses and worms are the sole domain of Windows.

I would guess that generally speaking though, Linux users are a tad more tech-savvy than the Windows users, at least at this point. Not because of any bias, but simply because the majority of Linux users currently are the tech-oriented, as they are always amongst the first adopters of new technology.

Already fixed in openoffice-ximian for Gentoo

[Dammital]

The fix for Gentoo bug #88863 was marked stable for x86 yesterday. Sometimes there's some value in compiling your own.

Yeah, I'm a fanboy.

Re:Already fixed in openoffice-ximian for Gentoo

[Curtman]

Sometimes there's some value in compiling your own.

... And sometimes there's no need. The openoffice-bin-1.1.4-r1 ebuild contains the fix as well, and won't take 6 hours to compile.

Yeah, I'm a fanboy too. :)