Note: This is an archival copy of Security Sun Alert 200637 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000498.1.
StarOffice 8 Software
Date of Workaround Release
Date of Resolved Release
A security vulnerability in HSQLDB (the default database engine shipped with StarOffice 8), may allow a remote unprivileged user who provides a StarOffice database document that is opened by a local user to execute arbitrary Java code on the system with the privileges of the user running StarOffice/StarSuite 8.
This issue is also described in the following document:
CVE-2007-4575 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4575
This issue can occur in the following releases:
Note: Earlier versions of StarOffice/StarSuite are not affected by this issue.
To determine the version of StarOffice/StarSuite installed on a system, the following command can be run (for <programdir>/program/bootstraprc):
% grep Product bootstraprc ProductKey=StarOffice 8 ProductPatch=(Product Update 5)
Or using the GUI, do the following (with StarOffice/StarSuite open):
The version is displayed first in the "about" text.
There are no predictable symptoms that would indicate this issue has been exploited.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
For more information on Security Sun Alerts, see Sun 1009886.1.
This solution has no attachment