The latest version of OpenOffice fixes several vulnerabilities that could cause a computer to become compromised by a remote attacker.
OpenOffice.org has issued version 3.2, which adds a lengthy list of new features and improves the suite’s overall performance while also fixing six vulnerabilities.
Three of those problems could allow a remote attacker to execute code. In one of those cases, a malicious XPM file—a type of image format supported by ODF (OpenDocument Format)—could be maliciously crafted and allow remote user to execute other code on the computer with the same privileges as the local user.
The suite had a similar vulnerability involving the GIF image format, which has also been fixed. The third vulnerability could allow an attacker to take over a PC by getting a user to open a maliciously crafted Microsoft Word document. All three of those vulnerabilities affect all versions of OpenOffice.org prior to version 3.2.
Hackers increasingly look for these three kinds of vulnerabilities, since users can be targeted by e-mail, and various social engineering tricks can be employed to try to get them to open a document.
In theory, these vulnerabilities could affect Mac users of OpenOffice, since the program uses the same code base across different platforms. However, there have been no reports of hackers exploiting such a hole on the Mac. Still, Mac users who run OpenOffice should upgrade to the latest version, which can be downloaded from OpenOffice.org.
Macworld.com staff contributed to this report.