Oops. There is a cross platform bug out for Open Office.
From ZDNet UK
Security experts have discovered TIFF-based buffer overflow vulnerabilities in OpenOffice.org that could allow attackers to remotely execute code on Linux, Windows or Apple Mac-based computers.
OpenOffice version 2.0.4 and prior are vulnerable to maliciously crafted TIFF files, which can be delivered in an email attachment, published on a website or shared using P2P software. The next version of OpenOffice (version 2.3) arrived on 17 September and is not affected by the flaw.
The vulnerability was discovered by researchers at iDefense, who claim that the OpenOffice TIFF parsing code is flawed.
“When parsing the TIFF directory entries for certain tags, the parser uses untrusted values from the file to calculate the amount of memory to allocate. By providing specially crafted values, an integer overflow occurs in this calculation. This results in the allocation of a buffer of insufficient size, which in turn leads to a heap overflow,” the iDefense team reported last Friday.
Tags: Open Office Bug, OO Vulnerability, Cross Platform Bug
