Apache OpenOffice is vulnerable to a denial of service, caused by a billion laughs attack. By persuading a victim to open a specially-crafted XML file, a remote attacker could exploit this vulnerability to cause a denial of service.
Apache OpenOffice installer for Windows could allow a local attacker to gain elevated privileges on the system. The DEB package installs using a userid and groupid of 500 instead of root. An attacker could exploit this vulnerability to trigger a malicious attack on files owned by that user or group if they exist.
Upgrade to the latest version of OpenOffice, available from the Apache Web site.