OpenOffice Calc Command Injection Vulnerability
Vendor: The Apache Software Foundation
Apache OpenOffice 4.1.0 and older on Windows.
OpenOffice.org versions may also be affected.
The vulnerability allows command injection when loading Calc spreadsheets. Specially crafted documents can be used for command-injection attacks. Further exploits are possible but have not been verified.
Apache OpenOffice users are advised to upgrade to Apache OpenOffice 4.1.1. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.
The Apache OpenOffice security team credits Rohan Durve and James Kettle of Context Information Security as the discoverer of this flaw.
Member of the Apache OpenOffice Security Team