OpenOffice patches vulnerability, but how many people will notice?

Angus Kidman
Saturday, 06 January 2007 08:33

Your IT - Home IT

A new patch for OpenOffice helps fix a critical bug that could allows hackers to take control of individual PCs -- but simply locating it could prove a challenge for many users.

The patch fixes a vulnerability which affects all versions of OpenOffice apart from the most recent release, version 2.1. The way earlier releases handle WMF graphics files could potentially allow a hacker to use a buffer overflow to launch malicious code.

A patch which fixes the bug on all major OpenOffice platforms was made available on January 2. However, existing OpenOffice users may remain unaware of the bug for some time.

While the security patches are available on the OpenOffice FTP server, no link to them had been provided on the main, download or support pages of the OpenOffice site as this story was posted.

Higher visibility would ensure more users download the patch, and eliminate the common scenario of an acknowledged security flaw continuing to affect users who don't realise it can be eliminated. However, even more automated security systems, such as that used in Microsoft Office, aren't always successful.