Two recommended updates — potentially serious vulnerabilities — no in-the-wild exploits reported.
CVE-2007-4575
OpenOffice.org, a popular office suite application, contains a security vulnerability in the default database engine for all versions prior to OpenOffice.org 2.3.1.
Database documents may allow attackers to execute arbitrary code. Updating to version 2.3.1 is the recommended solution.
CVE-2007-6262
VLC media player, a free media player application by the VideoLAN project, contains a vulnerability in its ActiveX plugin that could allow specifically crafted websites to execute arbitrary code.
The vulnerability is limited to the local user's privileges and exploitation requires the user to visit a maliciously crafted website using VLC media player's ActiveX plugin.
Avoiding the ActiveX plugin is an available workaround. The plugin is an optional component during VLC installation.
