Manipulated Database Documents for StarOffice/StarSuite 8 May Lead to Arbitrary Code Execution |
|
| Category : | Security |
| Release Phase : | Resolved |
| Product : | StarOffice 8 Software
|
| Bug Id : | 6621547
|
| Date of Workaround Release : | 07-DEC-2007
|
| Date of Resolved Release : | 11-DEC-2007
|
A security vulnerability in HSQLDB (the default database engine shipped with StarOffice 8), may allow a remote unprivileged user who provides a StarOffice database document that is opened by a local user to execute arbitrary Java code on the system with the privileges of the user running StarOffice/StarSuite 8.
This issue is also described in the following document:
CVE-2007-4575 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4575
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
x86 Platform
Linux
Windows
Note: Earlier versions of StarOffice/StarSuite are not affected by this issue.
To determine the version of StarOffice/StarSuite installed on a system, the following command can be run (for <programdir>/program/bootstraprc):
% grep Product bootstraprc
ProductKey=StarOffice 8
ProductPatch=(Product Update 5)
Or using the GUI, do the following (with StarOffice/StarSuite open):
- Open the "Help" menu
- Choose "About StarOffice" (StarSuite)
The version is displayed first in the "about" text.
Symptoms
There are no predictable symptoms that would indicate this issue has been exploited.
Workaround
There is no workaround for this issue. Please see the Resolution section below.
Resolution
This issue is addressed in the following releases:
SPARC Platform
x86 Platform
Linux
Windows
For more information on Security Sun Alerts, see Sun Infodoc 91209.
Modification HistoryDate: 11-DEC-2007
- Updated Contributing Factors and Resolution sections
- State: Resolved
AttachmentsThis solution has no attachment
|
Subscribe |
Careers |
Contact Us |
Site Maps |
Legal Notices |
Terms of Use |
Your Privacy Rights |
Sun Contracted Content
Sun Contracted Feature
