New OpenOffice bug affects Mac, Linux, as well as Windows

Posted Sep 25th 2007 6:00PM by Ted Wallingford
Filed under: Security, Windows, Macintosh, Linux, OpenOffice.org

ZDNet UK is reporting that a just-discovered bug in OpenOffice can victimize versions of the software running on Mac and Linux in addition to Windows. The bug allows an attacker to use malformed TIFF images to run malicious code on the user's computer, ostensibly for the purpose of spreading the malicious code like a trojan. The official explanation of a heap overflow exploit can be found here. (Sounds likes when there's too much garbage in our can.)

OpenOffice's developers have not yet released a fix for the bug (update: the bug does not exist in version 2.3 or newer), but the firm that discovered it is advising OpenOffice users to "be careful" with attachments received from unknown sources. Good advice--whether you run OpenOffice, Microsoft Office, or Wordstar.

Tags: openoffice, security, virus, worm

Reader Comments (Page 1 of 1)

1

9-25-2007 @ 9:35PM

Chuck said...

But according to the ZDNet article: "The next version of OpenOffice (version 2.3) arrived on 17 September and is not affected by the flaw."

I installed 2.3, so I shouldn't be worried about this bug, correct?

Reply

2

9-26-2007 @ 1:49AM

James Roche said...

Maybe it would be kind to acknowledge the following:

1) It's taken a really long time for someone to discover, and no one yet has taken the opportunity to employ, this flaw.

2) The latest version already includes a patch.

This story comes across as a bit of a "just as bad as Microsoft" hit job. The fact is, when civilians find hackable flaws in Windows or IE, the fixes are insufferable and frequently ignored for a duration. This announcement is more noble than shameful, the Open Office movement deserves a retraction.

Reply

3

9-26-2007 @ 6:25AM

catchwa said...

Next time read the article, Ted. The have released a fix, it's called updating to the latest version.

Reply

4

9-26-2007 @ 6:19PM

Huw said...

The second paragraph of that article says that not only is it version 2.0.4 *and prior*, but also that version 2.3 is unaffected.

I think you should post an apology, Ted.

Reply

View Posts By

Categories

Audio (803)

Beta (283)

Blogging (662)

Business (1368)

Design (790)

Developer (936)

E-mail (501)

Finance (124)

Fun (1681)

Games (531)

Internet (4569)

Kids (129)

Office (491)

OS Updates (554)

P2P (170)

Photo (454)

Podcasting (169)

Productivity (1279)

Search (204)

Security (521)

Social Software (1011)

Text (441)

Troubleshooting (45)

Utilities (1816)

Video (974)

VoIP (131)

web 2.0 (583)

Web services (3205)

Companies

Adobe (177)

AOL (43)

Apache Foundation (1)

Apple (466)

Canonical (29)

Google (1276)

IBM (29)

Microsoft (1277)

Mozilla (431)

Novell (16)

OpenOffice.org (41)

PalmSource (11)

Red Hat (18)

Symantec (14)

Yahoo! (343)

License

Commercial (659)

Shareware (193)

Freeware (1891)

Open Source (867)

Misc

Podcasts (13)

Features (371)

Hardware (170)

News (1099)

Holiday Gift Guide (15)

Platforms

Windows (3512)

Windows Mobile (412)

BlackBerry (40)

Macintosh (2033)

iPhone (74)

Linux (1538)

Unix (74)

Palm (178)

Symbian (120)

Columns

Ask DLS (10)

Analysis (24)

Browser Tips (277)

DLS Podcast (5)

Googleholic (179)

How-Tos (94)

DLS Interviews (19)

Design Tips (15)

Mobile Minute (114)

Mods (69)

Time-Wasters (362)

Weekend Review (30)

Imaging Tips (34)

RESOURCES

• Send us news tips
• Contact Us
• Advertise
• Corrections?
• Problems?

RSS NEWSFEEDS

• 
• Feeds by category

Sponsored Links

Advertise with Download Squad

Most Commented On (60 days)

• Microsoft: Think twice about IE7 before upgrading to XP SP3 (19)
• Wanna write for Download Squad? (13)
• Flipping the Linux switch: Cairo-Dock is pain free eye candy (11)
• Microsoft's I'm Initiative hits Hotmail (10)
• Yahoo! releases statement: Glad that's over (8)
• Yahoo acquires Inquisitor: Oh no? (8)
• Windows XP SP3 now available through Windows Update (7)
• AIMP2 - An alternative media player (7)
• Googleholic for May 9, 2008 (7)
• TorrentSpy hit with $111 million fine for copyright violation (7)

Recent Comments

• Joe on TorrentSpy hit with $111 million fine for copyright violation
• Huadian Zhang on WordPress 2.5.1 security update
• Grant Robertson on Wanna write for Download Squad?
• Christian Walters on Wanna write for Download Squad?
• Bluestocking on USB AutoRunner launches apps or documents when you plug in a flash drive
• kingkool68 on Innocent Spam: Displeased with the measurement of your Willy?
• Grant Robertson on Wanna write for Download Squad?
• Janet on Innocent Spam: Displeased with the measurement of your Willy?
• keeves on eBay considers PayPal requirement, invites Australians antitrust scrutiny
• Taomyn on eBay considers PayPal requirement, invites Australians antitrust scrutiny

Urlesque Headlines

• Wide Wurld of Urlesque: A Week of Awesome!
• Dan Meth's 8-Bit Memes
• Just Because It's Raining, the Internet Is Asleep and My Mom Will Like It
• Animal Masks And Bike Gangs
• How I Blogged My Stimulus

BloggingStocks Tech Coverage

• AAPL Apple Inc
• ADBE Adobe Systems
• AKAM Akamai Technologies
• AMZN Amazon
• CSCO Cisco Systems
• DELL Dell
• EBAY eBay
• GOOG Google
• INTC Intel
• INTU Intuit Inc
• JAVA Sun Microsystems
• MOT Motorola
• MSFT Microsoft
• NOK Nokia Corp
• ORCL Oracle Corp
• PALM Palm Inc
• RHT Red Hat Inc
• RIMM Research in Motion
• SYMC Symantec Corp
• TWX AOL Time Warner
• YHOO Yahoo!

More from AOL Money and Finance

• Auto Loans
• Banking
• Checking Account
• Credit Cards
• Credit Reports
• Debt Management
• Identity Theft
• Insurance
• Loans
• Money
• Mortgages
• Online Tax Filing
• Personal Loans
• Refinancing
• Retirement
• Savings Account
• Small Business
• Stock Charts
• Stock Quotes
• Stock Screener

More Tech Coverage

• Control Shift It's all about the experience
• Somewhat Frank Perspectives on tech as it fuses in everyday life
• Switched Gadgets, web news and commentary
• Urlesque Exposing bits of the web

Weblogs, Inc. Network

• Autos
  • Autoblog
  • AutoblogGreen
  • Autoblog Spanish
  • Autoblog Chinese
  • Autoblog Simplified Chinese
• Technology
  • Download Squad
  • Engadget
  • Engadget HD
  • Engadget Mobile
  • Engadget Chinese
  • Engadget Simplified Chinese
  • Engadget Japanese
  • Engadget Spanish
  • Switched
  • TUAW (Apple)
• Lifestyle
  • AisleDash
  • DIY Life
  • Gadling
  • Green Daily
  • Luxist
  • ParentDish
  • Slashfood
  • Styledash
  • That's Fit
• Gaming
  • Joystiq
  • DS Fanboy
  • Massively
  • Nintendo Wii Fanboy
  • PS3 Fanboy
  • PSP Fanboy
  • WoW Insider
  • Xbox 360 Fanboy
• Entertainment
  • Cinematical
  • TV Squad
• Finance
  • BloggingBuyouts
  • BloggingStocks
  • WalletPop
• Also on AOL
  • African-American Culture
  • Autos
  • Games
  • Maps
  • Money
  • Movies
  • Music
  • News
  • Radio
  • Sports
  • Television
  Travel

All contents copyright © 2003-2008, Weblogs, Inc. All rights reserved

Download Squad is a member of the Weblogs, Inc. Network. Privacy Policy, Terms of Service, Notify AOL