The latest version of OpenOffice fixes several vulnerabilities that could cause a computer to become compromised by a remote attacker.
OpenOffice.org has issued version 3.2, which adds a lengthy list of new features and improves the suite’s overall performance while also fixing six vulnerabilities.
Three of those problems could allow a remote attacker to execute code. In one of those cases, a malicious XPM file — a type of image format supported by ODF (OpenDocument Format) — could be maliciously crafted and allow remote user to execute other code on the computer with the same privileges as the local user.
The suite had a similar vulnerability involving the GIF image format, which has also been fixed. The third vulnerability could allow an attacker to take over a PC by getting a user to open a maliciously crafted Microsoft Word document. All three of those vulnerabilities affect all versions of OpenOffice.org prior to version 3.2.
Hackers increasingly look for these three kinds of vulnerabilities, since users can be targeted by e-mail, and various social engineering tricks can be employed to try to get them to open a document. The latest version can be downloaded from OpenOffice.org.