Show Your Support: This site is primarily supported by advertisements. Ads are what have allowed this site to be maintained on a daily basis for the past 18+ years. We do our best to ensure only clean, relevant ads are shown, when any nasty ads are detected, we work to remove them ASAP. If you would like to view the site without ads while still supporting our work, please consider our ad-free Phoronix Premium.
Apache OpenOffice Vulnerable To One-Click Code Execution
Apache OpenOffice 4.1.10 was released today to address a vulnerability affecting all versions of OpenOffice. Due to the way Apache OpenOffice pre-4.1.10 handles non-HTTPS hyperlinks, it could lead to "1-click" untrusted code execution.
This one-click code execution vulnerability affects OpenOffice on Windows, Linux, and macOS systems. With OpenOffice 4.1.10, a warning is now displayed when opening hyperlinks. It is believed this vulnerability has existed since the Sun Microsystems days when OpenOffice 2.0 was being developed in 2005.
More details on this OpenOffice vulnerability via Apache.org.
While LibreOffice has much of the spotlight when it comes to being the premiere open-source office suite these days, Apache notes that OpenOffice is still seeing up to 2.4 million downloads each month.