Apache OpenOffice Vulnerable To One-Click Code Execution

Written by Michael Larabel in Free Software on 4 May 2021 at 09:10 AM EDT. 50 Comments
If you are still relying on Apache OpenOffice in 2021 you might want to really make it a goal this year to transition to the much more featureful LibreOffice, but in any case you'll want to move at least to OpenOffice 4.1.10.

Apache OpenOffice 4.1.10 was released today to address a vulnerability affecting all versions of OpenOffice. Due to the way Apache OpenOffice pre-4.1.10 handles non-HTTPS hyperlinks, it could lead to "1-click" untrusted code execution.

This one-click code execution vulnerability affects OpenOffice on Windows, Linux, and macOS systems. With OpenOffice 4.1.10, a warning is now displayed when opening hyperlinks. It is believed this vulnerability has existed since the Sun Microsystems days when OpenOffice 2.0 was being developed in 2005.

More details on this OpenOffice vulnerability via Apache.org.

While LibreOffice has much of the spotlight when it comes to being the premiere open-source office suite these days, Apache notes that OpenOffice is still seeing up to 2.4 million downloads each month.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week