Will Dormann and Jared Allar discovered that the Lotus Word Pro import filter of OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft Office, is not properly handling object ids in the ".lwp" file format. An attacker can exploit this with a specially crafted file and execute arbitrary code with the rights of the victim importing the file. The oldstable distribution is not affected by this problem.