OpenOffice.org has issued a patch for a security vulnerability affecting several versions of its open-source office suite.
The latest version, 2.4.1, is available for
download on the organization’s Web site.
The vulnerability is a memory problem called a heap overflow, OpenOffice.org said in an advisory. It can be exploited if an attacker sends someone an OpenOffice.org document that can take advantage of the flaw, which would then allow the hacker “to execute arbitrary commands on the system with the privileges of the user running OpenOffice.org.”
So far, no working exploit has been reported, the organization said. The flaw affects version 2.0 through 2.4.
The upgrade also includes several other fixes and new features, which are
listed at OpenOffice.org.
OpenOffice.org, which is supported in part by Sun Microsystems, competes with Microsoft’s Office productivity suite. OpenOffice.org’s next major release, 3.0, is scheduled for September.