Security experts found that the OpenOffice system experienced a TIFF buffer vulnerability, which allows attackers to execute remote code and ignore the operating system. It is reported that, linux, Windows, and Apple mac OS X are all threatened.
This vulnerability occurs in OpenOffice 2.0.4. When a user opens a malicious TIFF file in an unknown email attachment, the file can be infected by malware, which has been widely spread through P2P networks.
Researchers who discovered this vulnerability said that the TIFF Parsing Code of OpenOffice is simply wrong, which will cause the above problems.
"When parsing certain tags in the TIFF directory entries, the parser can use untrusted values provided by files, resulting in memory overflow. If a complete set of malicious code is carefully prepared, you can achieve insufficient buffer allocation, which in turn can lead to a heap practice overflow"
It is reported that the OpenOffice software version 2.3.0 released in September 17 has fixed this vulnerability. We recommend that you update OpenOffice to the latest version.