URL Handling Security Vulnerability (Linux/Solaris)
- Synopsis: The OpenOffice.org URL handler could allow command execution using shell metacharacters in Linux and Solaris.
- State: Resolved for Linux.
If a user running OpenOffice.org from a shell terminal in Linux or Solaris opens an untrusted URL, malicious code could be arbitrarily executed on the user's computer.
This issue is also described in
Issue ID#: 58013, 72543
2. Affected releases
All 2.x versions prior to OpenOffice.org 2.2 for Linux and Solaris
All 1.x versions for Linux and Solaris.
There are no predictable symptoms that would indicate the described issue has been exploited.
There is no workaround. See "Resolution" below.
This issue is addressed in the following releases:
OpenOffice.org 1.5 Patch, OpenOffice.org 2.2 for Linux (affected system)