CVE-2021-30245: Apache OpenOffice Code Execution Vulnerability Alert

Apache OpenOffice, an Open Source office-document productivity suite comprising six productivity applications: Writer, Calc, Impress, Draw, Math, and Base. The OpenOffice suite is based around the OpenDocument Format (ODF), supports 41 languages, and ships for Windows, macOS, Linux 64-bit, and Linux 32-bit. Apache OpenOffice delivers up to 2.4 Million downloads each month. If you are still relying on the open-source office suite Apache OpenOffice in 2021, please upgrade to OpenOffice 4.1.10 version as soon as possible.

Apache OpenOffice 4.1.10 was officially released recently to resolve a vulnerability that affects all versions of OpenOffice. The CVE number is CVE-2021-30245. This vulnerability is caused by the way the previous version of Apache OpenOffice handles non-HTTPS hyperlinks, “allowing for 1-click code execution on Windows, Linux, and macOS systems via malicious executable files hosted on internet-accessible file shares.”

This vulnerability affects OpenOffice on Windows, Linux, and macOS systems. With the release of OpenOffice 4.1.10, a warning will now be displayed when opening a hyperlink. It is understood that this vulnerability already existed when Sun Microsystems developed OpenOffice 2.0 in 2005.