Friday, 18 September 2015 11:25

Apache OpenOffice yet to fix five-month-old bug

By

The Apache Software Foundation has not yet fixed a five-month-old bug in the office suite Apache OpenOffice, despite the fact that it opens an user to an easily exploitable situation.

The bug in question affects versions of OpenOffice,and also its ancestor, OpenOffice.org, older than 4.1.1 .

According to the Foundation, a vulnerability in OpenOffice's HWP filter allows attackers to cause a denial of service (memory corruption and application crash) or possibly execution of arbitrary code by preparing specially crafted documents in the HWP document format.

Documents with the HWP extension are known as Hanword documents, with Hanword being earlier known as Hangul Word Processor. Hangul is the Korean alphabet and this word processing system can save documents that are written in Hangul. Hanword is very popular in South Korea.

The Apache Software Foundation took over the development of OpenOffice.org when the suite was passed on to it by Oracle Corporation. Oracle, in turn, came into possession of OpenOffice.org when it acquired Sun Microsystems in 2010.

Many of the original developers of OpenOffice.org split off in late 2010 and set up a fork of the suite called LibreOffice which is run by a group known as The Document Foundation.

David Gerard, a software enthusiast who has provided details of the bug on his personal blog, writes: "They've known about this since April 2015 and haven't fixed it. They have distributed over eight million known-vulnerable copies of AOO since 27 April. (And the 143 million vulnerable before that.)"

According to the Apache Software Foundation, mitigation is quite easy: "Apache OpenOffice users are advised to remove the problematic library in the 'program' folder of their OpenOffice installation."

The Foundation says it plans to fix this vulnerability in version 4.1.2.

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments