Last Updated: 2006-06-30 21:17:36 UTC
by David Goldsmith (Version: 1)
OpenOffice.org has additional security notes on their site that address the three specific issues:
- Java Applets
It is possible for some Java applets to break out of the secure "sandbox" in which they are normally constrained. The applet code could potentially have access to the entire system with whatever privileges the current user has.
A workaround is provided to temporarily disable support for Java applets. Instructions are provided for both 1.1.x and 2.0.x.
A flaw with the macro mechanism could allow an attacker to include certain macros that would be executed even if the user has disabled document macros. Such macros could potentially have access to the entire system with whatever privileges the current user has.
There is no workaround for this issue
- File Format
A flaw in the parsing of the XML file formats allows for possible buffer overflows in specially malformed documents. The buffer overflow can crash the OpenOffice.org application and might be exploitable for arbitrary code-execution.
There is no workaround for this issue.
Thanks to Juha-Matti for the heads-up.