A security vulnerability affecting OpenOffice.org 1.1.4 and earlier, as well as 2.0beta, including the developer builds, was recently detected. It has been fixed and a patch is available for immediate download for all users of OpenOffice.org 1.1.4. Users of earlier releases (1.1.3 and prior) must upgrade. Users of 2.0beta are requested to download the latest beta, OpenOffice.org 1.9.95. It will include the patch and be ready shortly. Operating systems affected: All, including Linux, Solaris, Windows, Mac OS X (X11) (NeoOffice/J users of the latest release are not affected.) For other platforms, go to the Porting homepage for more information. * Porting Project: <http://porting.openoffice.org/> The patch can be found here: <http://download.openoffice.org/1.1.4/security_patch.html> installation is easy and instructions are on the page listed above. We are requesting that all CD distributors and partners of OpenOffice.org include the security patch. If you are not sure your copy of OpenOffice.org 1.1.4 is secure, download the patch and be sure. How serious is the problem? The problem resides in how OpenOffice.org handles Microsoft Office .doc files. A malicious user could send such a file asan attachment to you containing code that would allow them to execute arbitrary commands on your computer should you open that document in OpenOffice.org. See the security advisory for more information: <http://www.securityfocus.com/archive/1/395516> Be safe by always making sure that you only open attachments from trusted persons. Regards The OpenOffice.org Team Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see ~ http://www.mwn.ca <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> See my Anti-Virus pages <http://www3.telus.net/mikebike/mikes_virus_page.htm> <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance & OWTA Charter Member -- ** Remove the anti-virus footer, ads, and this line and everything below when replying ** For a web-based membership management utility and information on list policies, please see http://www.freelists.org/webpage/24hoursupport To unsubscribe, send a blank email to 24hoursupport-request@xxxxxxxxxxxxx with "unsubscribe" (without quotes) in the subject.