Patch Issued for Critical OpenOffice.org Flaw

Today's Best Tech Deals

Picked by PCWorld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

A patch has been widely released for a vulnerability in the OpenOffice.org productivity suite, a problem rated as "highly critical" by one security vendor.

The flaw could be exploited by creating a malicious file in the Windows Metafile (WMF) or Enhanced Metafile (EMF) formats. If the file was opened by a user, it could start running unauthorized code on a computer, according to an advisory by Linux distribution vendor Red Hat, which offers the OpenOffice.org suite with several of its products.

OpenOffice.org is a free software suite that includes a word processor, spreadsheet and a presentation program. It's a competitor to Microsoft Corp.'s Office suite, although it's not as widely used.

OpenOffice.org has published a patch, which in turn is being distributed by Red Hat.

No Public Exploits Yet

The problem was first reported in October, but the vendors who distribute OpenOffice--who often work together on security issues--opted not to issue the patch until OpenOffice.org acknowledged earlier this week it was a security issue, said Mark Cox, director of Red Hat's Security Response Team.

No public exploits or even proof-of-concept code has been discovered, he added.

Red Hat rated the flaw as only "important" since a user would have to open a malicious file, Cox said. Red Hat users will either receive an update automatically or notification to upgrade their software, he added.

Secunia, however, rated the vulnerability as "highly critical," a rank of "four" on a five-number scale of increasing severity.

The WMF format proved problematic for OpenOffice.org's rival in 2006. After pressure from its customers, Microsoft issued an out-of-cycle patch early last year for its operating systems after widespread attempts to exploit a WMF vulnerability. The flaw--one of the top security problems of 2006--also left Windows systems vulnerable to running code if a malicious WMF was opened.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
  
Shop Tech Products at Amazon