OpenOffice.org has identified a highly critical security vulnerability in its open source word processing package OpenOffice 2.3 and prior versions.
In the security advisory OpenOffice.org warned of a security vulnerability in HSQLDB, the default database engine shipped
with OpenOffice.org 2 (all versions) which could allow attackers to execute
arbitrary static Java code by manipulating database documents to be
opened by a user.
OpenOffice.org has asked users to update to version 2.3.1 which is unaffected by the security vulnerability in the previous versions. You can download OpenOffice 2.3.1 here.