OpenOffice Targeted Data Exposure Using Crafted OLE Objects
- Apache OpenOffice 4.1.0 and older on Windows.
- OpenOffice.org versions are also affected.
Vendor: The Apache Software Foundation
The exposure exploits the way OLE previews are generated to embed arbitrary file data into a specially crafted document when it is opened. Data exposure is possible if the updated document is distributed to other parties.
Apache OpenOffice users are advised to upgrade to Apache OpenOffice 4.1.1. Users who are unable to upgrade immediately should be cautious when they are asked to "Update Links" for untrusted documents.
The Apache OpenOffice security team credits Open-Xchange for reporting this flaw.