A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user.
All versions prior to OpenOffice.org 2.3.1
There are no predictable symptoms that would indicate this issue has occurred
There is no workaround. See "Resolution" below.
This issue is addressed in the following releases:
HSQLDB 1.8.0.9 / OpenOffice.org 2.3.1