NEWS FROM THE LAB - Monday, December 10, 2007

Security Advisories Posted by Sean @ 11:48 GMT

Two recommended updates — potentially serious vulnerabilities — no in-the-wild exploits reported.

Open Office.Org Advisory


OpenOffice.org, a popular office suite application, contains a security vulnerability in the default database engine for all versions prior to OpenOffice.org 2.3.1.

Database documents may allow attackers to execute arbitrary code. Updating to version 2.3.1 is the recommended solution.

VLC Advisory


VLC media player, a free media player application by the VideoLAN project, contains a vulnerability in its ActiveX plugin that could allow specifically crafted websites to execute arbitrary code.

The vulnerability is limited to the local user's privileges and exploitation requires the user to visit a maliciously crafted website using VLC media player's ActiveX plugin.

Avoiding the ActiveX plugin is an available workaround. The plugin is an optional component during VLC installation.

Updating to version 0.8.6d resolves the issue.