Multiple vulnerabilities were reported in Openoffice.org, which could lead to compromise of a vulnerable system.
Some of the vulnerabilities were originally reported in the libwpd library used by Openoffice.org, and could be exploited by tricking an unsuspecting user into opening a specially crafted Wordperfect document. Successful exploitation may cause a denial of service (DoS), or allow an attacker to execute arbitrary code on the vulnerable system.
A vulnerability in StarCalc parser could be exploited to cause a stack-based buffer overflow and compromise a vulnerable system. However, for this to take place, an attack must also trick an unsuspecting user into opening a specially crafted document using StarCalc.
The final vulnerability is due to shell meta characters not being properly escaped, which can be exploited to inject and execute arbitrary shell commands. Successful exploitation also entails that the user is tricked into opening a specially crafted document and clicking on a malicious link.
All vulnerabilities discussed in the advisory currently remain unpatched. Users are urged not to open untrusted documents. For more information, refer to:
The whole article by Secunia