New Version of OpenOffice.Org Fixes Critical Bug has issued a patch for a security vulnerability affecting several versions of its open-source office suite.

The latest version, 2.4.1, is available for download on the organization's Web site.

The vulnerability is a memory problem called a heap overflow, said in an advisory. It can be exploited if an attacker sends someone an document that can take advantage of the flaw, which would then allow the hacker "to execute arbitrary commands on the system with the privileges of the user running"

So far, no working exploit has been reported, the organization said. The flaw affects version 2.0 through 2.4.

The upgrade also includes several other fixes and new features, which are listed at, which is supported in part by Sun Microsystems, competes with Microsoft's Office productivity suite.'s next major release, 3.0, is scheduled for September.

Copyright © 2008 IDG Communications, Inc.

Discover what your peers are reading. Sign up for our FREE email newsletters today!