Security Vulnerability Discovered in Apache OpenOffice

Date: 2024-01-03

Apache OpenOffice is one of the best-known open-source office suites, widely used for functionality that ranges from word processing to database management. The software has recently faced a security challenge.

A Moderate Severity Vulnerability

A security vulnerability has been discovered in versions of Apache OpenOffice up to 4.1.14. Rated as moderate severity, it could allow an attacker to write the contents of a file to a new location of their choosing. The flaw arises because an attacker can construct an Open Document Base (ODB) file that contains a ‘database/script’ file with a SCRIPT command.
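A defender can screen untrusted database documents for this pattern before they are opened. The following is an added example, not code from Apache OpenOffice or its advisory: it assumes the document is a ZIP package whose embedded HSQLDB script holds one statement per line, and the function names, the size limit and the sample contents are constructed for illustration.

```python
import io
import re
import zipfile

# Heuristic (assumption): a statement that begins with the SCRIPT keyword,
# either at the start of a line or directly after a ';'.
SCRIPT_STMT = re.compile(r"(?:^|;)\s*SCRIPT\b", re.IGNORECASE)
MAX_BYTES = 16 * 1024 * 1024  # refuse to inflate an oversized member


def find_script_commands(odb):
    """Return (line_no, text) for each SCRIPT statement in database/script.

    `odb` is a path or a binary file object for the package to inspect.
    """
    hits = []
    with zipfile.ZipFile(odb) as pkg:
        for info in pkg.infolist():
            # Normalise the member name so "./database/script" is not missed.
            name = info.filename.replace("\\", "/").lstrip("./").lower()
            if name != "database/script":
                continue
            if info.file_size > MAX_BYTES:
                raise ValueError("database/script is larger than expected")
            text = pkg.read(info).decode("utf-8", errors="replace")
            for no, line in enumerate(text.splitlines(), 1):
                if SCRIPT_STMT.search(line):
                    hits.append((no, line.strip()))
    return hits


def _make_odb(script_text):
    """Build a constructed, minimal package in memory (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("mimetype", "application/vnd.oasis.opendocument.base")
        z.writestr("database/script", script_text)
    buf.seek(0)
    return buf


# Constructed sample contents; the path is a placeholder, not a real target.
BENIGN = 'CREATE SCHEMA PUBLIC AUTHORIZATION DBA\nCREATE USER SA PASSWORD ""\n'
SUSPECT = BENIGN + "SCRIPT 'PLACEHOLDER_PATH'\n"

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, find_script_commands(_make_odb(sample)))
```

The check errs toward flagging: a hit means the file deserves manual review before it is opened, not that it is confirmed malicious.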

No Known Exploits but Proof Exists

While there are no known exploits of this vulnerability in the wild, a proof-of-concept demonstration has confirmed its existence, raising concerns. The potential implications of this flaw could be far-reaching, underscoring the necessity of swift corrective measures.

The Role of External Contributors

The Apache OpenOffice Security Team has acknowledged the efforts of external contributors in addressing this vulnerability. They expressed gratitude towards Gregor Kopf of Secfault Security GmbH in Germany for identifying and reporting the flaw, and to Fred Toussi for proposing a solution within the HSQLDB component.

Correcting the Record

The recent announcement serves to correct an earlier disclosure sent on December 28, 2023, which contained inaccurate information concerning the affected software versions. This revised communication underscores Apache OpenOffice’s commitment to transparency and the security of its user community.