Announced April 27, 2015
Updated October 28, 2015
A vulnerability in OpenOffice's HWP filter allows attackers to
craft malicious documents that cause denial of service (memory
corruption and application crash) and possible execution of
Vendor: The Apache Software Foundation
All Apache OpenOffice versions 4.1.1 and older are affected.
OpenOffice.org versions are also affected.
Update to Apache OpenOffice 4.1.2 or a later version.
This mitigation drops Apache OpenOffice support for documents
created in "Hangul Word Processor" format. The filter is not
installed; it will not be used even if present.
Workarounds and Document Migration
Users of older HWP-format documents that are already trusted
should convert those documents to other formats before removing
the filter or upgrading to Apache OpenOffice version 4.1.2.
Apache OpenOffice users who do not upgrade can remove the
problematic filter themselves. The filter is in the "program"
folder of their OpenOffice installation. On Windows the filter
is named "hwp.dll", on Mac it is named "libhwp.dylib" and on
Linux it is named "libhwp.so". Alternatively the filter can
be renamed to anything else (e.g. "hwp_renamed.dll") to disable