Apache OpenOffice Community Forum

Hello,

I downloaded Open Office 3.2 Thursday evening to open a document sent to me by a friend. Friday morning a scheduled scan by Microsoft Security Essentials discovered and removed Exploit Java/CVE 2008-5353 KM from Sun Java found in Open Office.

Its most likely a false positive. Did you download from here http://download.openoffice.org/index.html?

It shouldn't be in OOo 3.2.1. That vulnerability was in JRE 6 Update 10 and earlier. OOo 3.2.1 installs JRE 6 Update 20. Do you have any old JRE Updates still installed? I have OOo 3.2.1 installed on Vista and an MSE scan didn't find this threat.

http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-5353

Thank you all for your replies.

I would like to think it was a false positive since I enjoyed working with Open Office. Also, I have Java 6 update 21 installed, only. Prior versions are always removed, in some cases with JavaRa, before installing updates. Also I downloaded Open Office from its official website, at the link in thomasjk's reply. Could this alert possibly stem from the document I received which may have been composed using an older version of Open Office? I do not know. I do know it was not a false positive since Microsoft offers some information on the alert and more can be found in Google.

Exploit Java/CVE-20080-5353.KM
http://www.microsoft.com/security/porta ... 2147636287

At this point I have uninstalled everything involved, including Sun Java although I know I may eventually need it, which is unfortunate.

Again thank you all and I hope to return to Open Office again one day.

Well I'm running MSE and Java 1_6 update 20. I don't see this issue at all with V3.2.1 on Win 7.

Removed the first instance now got another
First Exploit:/Java/CVE-2009-3867.GM
SecondExploit:/Java/CVE-2008-3867.GM


Both Severe

MSE states file in C:\appData\locallow\Sun\Java\Department\cache\6.0\4.3\53509ab-4869787d>main.class

In my Active X there were 4 viruses associated with this, all called "Deployment Toolkit"
DEPLOYJAVA1.DLL

Disabeled them in my Win Patrol but seems there is no patch to delete them. Have no idea where this is coming from as went to the manufactures website for the download and it does have Open Office add on the download.

I am not a member of Open Office but was before my computer crashed and just have not added it back as I had to do a clean install, nothing to do with Open Office. But before I do I am concerned as to why this is happening, and would appreciate any help to get rid of this on my active x's.

Thank You

What happens if you D/L and install Java 1.6.21, check it for virus, then D/L and install OOo without Java?

Here is the strange part, I have again downloaded 1.6.21 and looks like everything is good, scanned and it says its fine. The on my tool bar a icon will come up to update Jave and that is where the virus seems to be coming from. Not sure what you mean by install Ooo without Java? Running two scanners right now, Microsoft new Full Service and MS Malicious to see if anything comes up.

Thank you for a fast reply..!

Ok wow I do have Open Office on my computer, had no idea as there is no desktop icon, and nothing in my start or programs showing it as downloaded but its there and it obviously is the problem. So I have removed all files and hope the disabeled ones in Active X stay that way. So some how when I downloaded Java it just put it on my computer, not happy about that and writing Sun Java home page as that is where I got the download and I saw that it mentioned you could use it with Open Office and all the benifits but it never said it was being downloaded. Thanks hope this may help others, be careful when you download that there is nothing elese attached.

It is possible to D/L OpenOffice with or without Java. Use www.openoffice.org and click on the download link. Do not accept the version offered, but click on "Get all platforms" link (under the version offered link), then pick a version for your language without Java.

Thank you I lost my Office when my PC crashed and since it came installed no way to get it back with a complete restore its gone. And I like Open Office so much better. Thank you will do that now.

Tinkerm wrote:MSE states file in C:\appData\locallow\Sun\Java\Department\cache\6.0\4.3\53509ab-4869787d>main.class

That file is in the Java cache and was probably from a Website you visited. I doubt that it was installed by either Java or OpenOffice.org. I have both installed and that file doesn't exist on my system. It just showed up on your MSE scan because it was added to the definitions on 26 Jul 2010. You might be able to delete it just by clearing the Java cache using the Java Control Panel.