OpenOffice Calc Command Injection Vulnerability
- Apache OpenOffice 4.1.0 and older on Windows.
- OpenOffice.org versions are also affected.
Vendor: The Apache Software Foundation
The vulnerability allows command injection when loading Calc spreadsheets. Specially crafted documents can be used for command-injection attacks. Further exploits are possible but have not been verified.
Apache OpenOffice users are advised to upgrade to Apache OpenOffice 4.1.1. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.
The Apache OpenOffice security team credits Rohan Durve and James Kettle of Context Information Security as the discoverer of this flaw.