Buffer Overflow and Integer Underflow Vulnerabilities in OpenOffice Writer could lead to arbitrary code execution

http://secunia.com/secunia_research/2009-26/
http://secunia.com/secunia_research/2009-27/

"Secunia Research has discovered a vulnerability in OpenOffice.org,
which can be exploited by malicious people to potentially compromise
a user's system.

The vulnerability is caused by a boundary error when parsing certain
records and can be exploited to cause a heap-based buffer overflow via
a specially crafted document.

Successful exploitation may allow execution of arbitrary code."

A second vulnerability leads to the same results via an integer
underflow (when subtraction of two integers leads to a number out of
bounds, which could cause a number of errors, including buffer
overflows, memory corruption, etc.).

This issue affects OpenOffice 3.1. It is recommended that users upgrade
to OpenOffice 3.1.1 when it is available. Users are also reminded not
to open unknown attachments which may cause malicious documents.