|
Note: This is an archival copy of Security Sun Alert 200637 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000498.1. |
Category Security Release Phase Resolved StarOffice 8 Software Bug Id 6621547 Date of Workaround Release 07-DEC-2007 Date of Resolved Release 11-DEC-2007 Impact A security vulnerability in HSQLDB (the default database engine shipped with StarOffice 8), may allow a remote unprivileged user who provides a StarOffice database document that is opened by a local user to execute arbitrary Java code on the system with the privileges of the user running StarOffice/StarSuite 8. This issue is also described in the following document: CVE-2007-4575 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4575 Contributing Factors This issue can occur in the following releases: SPARC Platform
x86 Platform
Linux
Windows
Note: Earlier versions of StarOffice/StarSuite are not affected by this issue. To determine the version of StarOffice/StarSuite installed on a system, the following command can be run (for <programdir>/program/bootstraprc): % grep Product bootstraprc ProductKey=StarOffice 8 ProductPatch=(Product Update 5) Or using the GUI, do the following (with StarOffice/StarSuite open):
The version is displayed first in the "about" text. Symptoms There are no predictable symptoms that would indicate this issue has been exploited. Workaround There is no workaround for this issue. Please see the Resolution section below. Resolution This issue is addressed in the following releases: SPARC Platform
x86 Platform
Linux
Windows
For more information on Security Sun Alerts, see Sun 1009886.1. Modification History Date: 11-DEC-2007
References120184-12120185-13 120186-13 120187-12 120188-12 120189-13 120190-13 120191-12 Attachments This solution has no attachment | |||||||||||||||
|
|