Security Vulnerability in StarOffice 8 May Lead to Heap Overflow and Arbitrary Code Execution |
|
| Category : | Security |
| Release Phase : | Resolved |
| Product : | StarOffice 8 Software
|
| Bug Id : | 6520258
|
| Date of Workaround Release : | 10-APR-2007
|
| Date of Resolved Release : | 17-MAY-2007
|
Due to a security vulnerability in StarOffice/StarSuite 8, manipulated WordPerfect files, which may have been provided by a local or remote untrusted user, may lead to heap overflow and arbitrary code execution.
This issue is described in the following documents:
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
x86 Platform
Linux Platform
Windows Platform
Note: StarOffice/StarSuite versions 6.0 and 7 are not impacted by this issue.
To determine the version of StarOffice installed on a system, the following command can be run (for /<staroffice program dir>/program/bootstraprc):
% cat bootstraprc | grep Product
ProductKey=StarOffice 8
ProductPatch=(Product Update 2)
On the Windows platform, using the GUI, do the following (with StarOffice/StarSuite open):
- Open the "Help" menu
- Choose "About StarOffice" (StarSuite)
The version is displayed first in the "about" text.
Symptoms
There are no predictable symptoms that would indicate the described issue has occurred.
Workaround
To work around the described issue, only load WordPerfect files from known sources.
Resolution
This issue is addressed in the following releases:
SPARC Platform
x86 Platform
Linux Platform
Windows Platform
Modification HistoryDate: 17-MAY-2007
- State: Resolved
- Updated Contributing Factors and Resolution sections
AttachmentsThis solution has no attachment
Sun Contracted Content
Sun Contracted Feature
