Exploitable Buffer Overflow in OpenOffice.org

Memorize writes "It turns out that OpenOffice.org can't read MS Office documents safely, either. A buffer overflow in OpenOffice.org has been confirmed and would allow an attacker to write a specially-constructed .doc file that will take control over an OpenOffice.org user's machine. This vulnerability is exploitable and it exists on every computer with OpenOffice 1.14 or 2.0b installed. OpenOffice.org will have a fix ready within days, but how quickly will Linux users patch? This paves the way for Linux users to be vulnerable to a virus that spreads by sending itself as email attachments which unsuspecting users then open. Could the first real Linux virus be drawing near?" Not from the sound of it: the article says that users would still have to be convinced "to open a malicious document with an unpatched application."

Here is the patch

[dolmen.fr]

The patch is available here:
http://ftp.stardiv.de/pub/OpenOffice.org/contrib/r c/1.1.4secpatch/ [stardiv.de]

Here is the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=4 6388 [openoffice.org]

And the BugTraq report:
http://www.derkeiler.com/Mailing-Lists/securityfoc us/bugtraq/2005-04/0150.html [derkeiler.com]