Note: This is an archival copy of Security Sun Alert 200608 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000470.1. |
Category Security Release Phase Resolved StarOffice 7 Software StarOffice 6.0 Office Suite StarOffice 8 Software Bug Id 6498220, 6498221, 6498574 Date of Resolved Release 09-JAN-2007 Impact A security vulnerability with the way StarOffice/StarSuite 6, 7 and 8 process Windows Metafile (.wmf) files may allow a remote unprivileged user the ability to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite. Sun would like to acknowledge, with thanks, John Heasman of NGS Software Ltd. for bringing this issue to our attention. This issue is also described in the following document: CVE CAN-2006-5870 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-5870 Contributing Factors This issue can occur in the following releases: SPARC Platform
x86 Platform
Linux Platform
Windows Platform
To determine the version of StarOffice installed on a system, the following command can be run (for '/<staroffice program dir>/program/bootstraprc'): % grep Product bootstraprc ProductKey=StarOffice 8 ProductPatch=(Product Update 2) Or using the GUI, do the following (with StarOffice/StarSuite open):
The version is displayed first in the "about" text. Symptoms There are no predictable symptoms that would indicate the described issue has been exploited. Workaround There is no workaround for this issue. Please see the Resolution section below. Resolution This issue is addressed in the following releases: SPARC Platform
x86 Platform
Linux Platform
Windows Platform
References120186-09120189-09 120187-08 120190-09 120191-08 120184-08 120188-08 112885-06 112886-06 112887-06 112888-06 116520-11 120185-09 116518-12 117073-10 116519-12 Attachments This solution has no attachment |
|