Risk: Medium
Three vulnerabilities have been reported in OpenOffice, which can be exploited by malicious people to compromise a user's system.
An error exists within the handling of certain Java applets in OpenOffice documents. This can be exploited by malicious Java applets to bypass sandbox restrictions and gain full access to system resources with current user privileges.
Another error exists within the handling of macros embedded in documents. This can be exploited to execute arbitrary basic code with full access to system resources without any user notification, if a malicious document is opened.
A boundary error exists within the handling of certain XML documents. This can be exploited to cause a buffer overflow and may allow arbitrary code execution when a specially crafted XML document is opened.
A patch has recently been issued for version 1.1.5 and users of version 2.0.x should upgrade to version 2.0.3 at http://download.openoffice.org/2.0.3/index.html