Note: This is an archival copy of Security Sun Alert 200838 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000631.1.
StarOffice 8 Software
Date of Workaround Release
Date of Resolved Release
Due to a security vulnerability in StarOffice/StarSuite 8, manipulated WordPerfect files, which may have been provided by a local or remote untrusted user, may lead to heap overflow and arbitrary code execution.
This issue is described in the following documents:
This issue can occur in the following releases:
Note: StarOffice/StarSuite versions 6.0 and 7 are not impacted by this issue.
To determine the version of StarOffice installed on a system, the following command can be run (for /<staroffice program dir>/program/bootstraprc):
% cat bootstraprc | grep Product ProductKey=StarOffice 8 ProductPatch=(Product Update 2)
On the Windows platform, using the GUI, do the following (with StarOffice/StarSuite open):
The version is displayed first in the "about" text.
There are no predictable symptoms that would indicate the described issue has occurred.
To work around the described issue, only load WordPerfect files from known sources.
This issue is addressed in the following releases:
This solution has no attachment