LibreOffice vulnerable to Trojan Word files

LibreOffice vulnerable to Trojan Word files

The open source office suite behind the standing LibreOffice The Document Foundation (TDF) revealed now that were closed in August with the already released updates to the LibreOffice 3.4.3 and 3.3.4 versions of critical security gaps. The Foundation, founded by five weeks, the delayed announcement to heise Security so that it would allow users and distributors enough time to install the patched version, before the details are accessible on the shortcomings of the masses.

However, so far was not even clear that the updates close security gaps at all, as contained in the changelogs no indication of this. Many users are therefore likely to only now see the need, the Office suite to the latest state to take. It has primarily a critical out-of-bounds error when processing Word documents to be (doc.): When the user opens a specially crafted Word document, they can go unnoticed and unintentionally infect their computers with malicious code. What a mistake this is it exactly, was the Foundation Document is not known. It can be either about a buffer overflow. Has discovered the vulnerability, security expert Huzaifa Sidhpurwala of Red Hat.

The update to 3.4.3 LibreOffice also closes gaps that occur in the processing of image files in the formats Windows Metafile (. Wmf) and Enhanced Metafile (. Emf). In addition, other security-related issues have been resolved, the Foundation does not address the detail. The development team advises users of older versions and thus more vulnerable to immediately switch to the error-free builds. Whether the vulnerabilities are also available in OpenOffice, is currently unclear. The current stable version of OpenOffice was released in January and is expected to include even the few unpatched vulnerabilities.

Update: Also, OpenOffice can be infected with malicious code through specially crafted Word files. Debian has already closed the gap in its Linux distribution, it is expected to follow suit, the provider of the other major distributions. When the bug is fixed in the Windows build of OpenOffice is currently unclear. For security reasons, users of OpenOffice on Windows should upgrade to the latest version of LibreOffice.