Apache OpenOffice patched four medium vulnerabilities in the suite's word processing and graphics apps.
An attacker could craft a document that reads in a file from the user's filesystem by exploiting the way OpenOffice renders embedded objects, according to a 27 October OpenOffice advisory.
The threat actor could then retrieve the information by using hidden sections to store it, tricking the user into saving the document, and convincing the user to send the document back to the attacker.
The vulnerabilities included an arbitrary file disclosure flaw in Calc and Writer and three out-of-bounds flaws in Writer's WW8Fonts Constructor, Impress' PPT Filter, and Writer's ImportOldFormatStyles, respectively.
The vulnerabilities affected all Apache OpenOffice versions 4.1.3 and older, as well as OpenOffice.org versions. Users are advised to install Apache OpenOffice 4.1.4 to prevent exploitation of the vulnerabilities.
None of the vulnerabilities has reportedly been exploited in the wild.