
Dmitri Gribenko

#39619 of 53,635
6.9 CVSS total
Vulnerabilities · 1
PT-2011-1223
6.9
2011-01-28
Apache · Openoffice.Org · CVE-2010-3689
**Name of the Vulnerable Software and Affected Versions**

OpenOffice.org (OOo) versions 3.x before 3.3

**Description**

The issue concerns how Apache OpenOffice office programs handle the `LD_LIBRARY_PATH` environment variable, and is connected to a lack of privilege control mechanisms and access management means. Exploitation of this issue may allow an attacker to gain unauthorized access to confidential data, cause a denial of service, or impact data integrity. Specifically, the `soffice` component in OpenOffice.org places a zero-length directory name in `LD_LIBRARY_PATH`, allowing local users to gain privileges via a Trojan horse shared library in the current working directory.

**Recommendations**

For OpenOffice.org (OOo) versions 3.x before 3.3, consider updating to version 3.3 or later to resolve the issue. As a temporary workaround, restrict access to the `LD_LIBRARY_PATH` environment variable to minimize the risk of exploitation. Avoid using shared libraries from untrusted sources in the current working directory until the issue is resolved.
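The zero-length entry described above can be checked for, and avoided, in any launcher script that builds a library search path. The following is an added example, not code from the advisory or from OpenOffice.org; the function names and the sample paths are hypothetical and constructed for illustration, and only colon separators are handled.

```shell
#!/bin/sh
# Added example: find and avoid zero-length elements in a colon-separated
# search path such as LD_LIBRARY_PATH. The dynamic loader treats a
# zero-length element as the current working directory.

# has_empty_entry VALUE -> exit status 0 if VALUE has a zero-length element
# (leading ':', trailing ':' or '::'), 1 otherwise.
has_empty_entry() {
  case "$1" in
    "") return 1 ;;              # empty value: nothing to flag
    :*|*:|*::*) return 0 ;;
    *) return 1 ;;
  esac
}

# The risky pattern, kept as the "before": if the inherited value is unset
# or empty, the result ends in ':' and so gains a zero-length element.
prepend_unsafe() { printf '%s' "$1:$2"; }

# strip_empty VALUE -> VALUE with every zero-length element removed.
strip_empty() {
  out=
  old_ifs=$IFS; IFS=:
  set -f                         # no globbing while word-splitting
  for e in $1; do
    if [ -n "$e" ]; then out="${out:+$out:}$e"; fi
  done
  set +f; IFS=$old_ifs
  printf '%s' "$out"
}

# Hardened form: clean the inherited value, and add the separator only
# when something non-empty follows it.
prepend_safe() {
  cleaned=$(strip_empty "$2")
  printf '%s' "$1${cleaned:+:$cleaned}"
}

# Constructed sample values, not taken from the advisory.
for v in "/opt/app/lib:" ":/usr/lib" "/a::/b" "/a:/b"; do
  if has_empty_entry "$v"; then echo "UNSAFE $v"; else echo "ok     $v"; fi
done
```

Running `has_empty_entry "$LD_LIBRARY_PATH"` at the top of a wrapper script, or auditing wrappers for the `prepend_unsafe` pattern, catches the condition before any program is launched with it.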