Note: This is an archival copy of Security Sun Alert 201259 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000942.1.
StarOffice 7 Software
StarOffice 6.0 Office Suite
StarOffice 8 Software
Date of Resolved Release
Opening manipulated documents which trigger an overflow in the freetype library may allow arbitrary command execution on the system with the privileges of the user running StarOffice/StarSuite.
This issue is referenced in the following document:
CVE-2007-2754 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2754
This issue can occur in the following releases:
Note 1: StarOffice/StarSuite on the Windows platform is not affected by this issue.
Note 2: StarOffice/StarSuite earlier versions will not be evaluated regarding this issue.
To determine the version of StarOffice installed on a system, the following command can be run (for /<staroffice program dir>/program/bootstraprc):
% cat bootstraprc | grep Product ProductKey=StarOffice 8 ProductPatch=(Product Update 2)
Or using the GUI, do the following (with StarOffice/StarSuite open):
The version is displayed first in the "about" text.
There are no predictable symptoms that would indicate this issue has occurred.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
This solution has no attachment