The bug in question affects versions of OpenOffice,and also its ancestor, OpenOffice.org, older than 4.1.1 .
According to the Foundation, a vulnerability in OpenOffice's HWP filter allows attackers to cause a denial of service (memory corruption and application crash) or possibly execution of arbitrary code by preparing specially crafted documents in the HWP document format.
Documents with the HWP extension are known as Hanword documents, with Hanword being earlier known as Hangul Word Processor. Hangul is the Korean alphabet and this word processing system can save documents that are written in Hangul. Hanword is very popular in South Korea.
The Apache Software Foundation took over the development of OpenOffice.org when the suite was passed on to it by Oracle Corporation. Oracle, in turn, came into possession of OpenOffice.org when it acquired Sun Microsystems in 2010.
David Gerard, a software enthusiast who has provided details of the bug on his personal blog, writes: "They've known about this since April 2015 and haven't fixed it. They have distributed over eight million known-vulnerable copies of AOO since 27 April. (And the 143 million vulnerable before that.)"
According to the Apache Software Foundation, mitigation is quite easy: "Apache OpenOffice users are advised to remove the problematic library in the 'program' folder of their OpenOffice installation."
The Foundation says it plans to fix this vulnerability in version 4.1.2.