This one was released yesterday. Sorry for the delay in getting to this one. There are several problems in Open Office that need to be addressed. There is currently no patch available that we’re aware of.
From Secunia:
Description:
Some vulnerabilities have been reported in OpenOffice.org, which potentially can be exploited by malicious people to compromise a user’s system.
1) Several vulnerabilities within the libwpd library used by OpenOffice.org can be exploited to cause heap-based buffer overflows and may allow the execution of arbitrary code by e.g. tricking a user into opening a specially crafted WordPerfect document.
For more information:
SA24507
2) A boundary error within the StarCalc parser can be exploited to cause a stack-based buffer overflow and may allow execution of arbitrary code by e.g. tricking a user into opening a specially crafted document.
3) Shell meta characters are not correctly escaped, which can be exploited to inject and execute arbitrary shell commands by e.g. tricking a user into opening a specially crafted document and clicking a malicious link.
Solution:
Do not open untrusted documents.
[tags]Open Office, OO Vulnerability, Remote Attack[/tags]
