OpenOffice TIFF flaw affects Windows, Linux and Mac

Security experts have discovered TIFF-based buffer overflow vulnerabilities in OpenOffice, which could allow attackers to remotely execute code on Linux, Windows or Apple Mac-based computers.

OpenOffice versions 2.0.4 and prior are vulnerable to maliciously crafted TIFF file, which could be delivered in an e-mail attachment, published on a Web site or shared using P2P software. The next version of OpenOffice (version 2.3) arrived on 17 September and is not affected by the flaw.

The vulnerability was discovered by researchers at iDefense, who claim that the OpenOffice TIFF parsing code is flawed.

"When parsing the TIFF directory entries for certain tags, the parser uses untrusted values from the file to calculate the amount of memory to allocate. By providing specially crafted values, an integer overflow occurs in this calculation. This results in the allocation of a buffer of insufficient size, which in turn leads to a heap overflow," the iDefense team reported last Friday.

TrustDefender co-founder Andreas Baumhoff told ZDNet Australia: "This vulnerability allows someone to execute malicious code on your computer. It's an OpenOffice bug so it doesn't matter what type of operating system you run, it allows you to run malicious software with the same rights as the user who runs OpenOffice."

"At this stage, it's only confirmed on Linux," said Baumhoff. "But typically it would affect all operating systems. The only difference with Linux and Windows is that home users typically run Windows as the administrator."

In June, OpenOffice users were warned about a worm called BadBunny, which was spreading in the wild through multiple operating systems including Mac OS, Windows and Linux.

At the time, Symantec's Security Response posted an advisory that said: "A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux, and Mac OS X systems. Be cautious when handling OpenOffice files from unknown sources".

• Related stories

• Alerts

Add your opinion

1. I'm truly worried! Rex Alfie Lee -- 25/09/07

   In that I use both versions on Linux & Windows, I tremble with paralysis so the panic is not evident on the outside.
   
   Let me see, imminent destruction on either side --> not bloody likely for some time.
   
   I think the point of concern here is that these twirps set up some fear to make you think that M$ Office is safer. Well, it isn't. Many, many more vulnerabilities & heaps more opportunity.
   
   Nobody is going to bother attacking OO UNLESS they're paid by M$.

   • Reply to comment
   • Reply to story
   • Report offensive content

2. It's not my area but, Anonymous -- 25/09/07

   ... how does a heap overflow translate to running malicious code? All that would happen is that your computer runs out of memory. Restart and it's back to normal (until the image is opened again). It's not as if there is some asm/script embedded in the file.

   • Reply to comment
   • Reply to story
   • Report offensive content

   1. Yes not your area... Anonymous -- 26/09/07

      Go look up this type of vulnerbility on wiki or some other site. It is explained in simple terms how you can easily use this to exploit a computer.

      • Reply to comment
      • Report offensive content

3. Bad file gnoo nix -- 25/09/07

   let me have a look at one of the files so can see what happens.

   • Reply to comment
   • Reply to story
   • Report offensive content

• Just In

• Most Popular

• Most Discussed

Hot Spot - What's Important

Achieve continuous availability with high performance NonStop blade technology

Looking to buy a printer? Our superguide rates the latest printers and shines a light into the industry.

Download Your Microsoft Unified Communications Fact Pack now.

Microsoft Unified Communications - Take your Self Assessment Today.

Reader Services

Popular Topics

Essentials