Note: This is an archival copy of Security Sun Alert 201558 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001164.1.
StarOffice 7 Software
StarOffice 6.0 Office Suite
StarOffice 8 Software
6442187, 6442204, 6445984
Date of Workaround Release
Date of Resolved Release
It may be possible for a local or remote unprivileged user to crash StarOffice/StarSuite or to execute arbitrary commands with the privileges of a user running the StarOffice/StarSuite application by inducing that user to load a specially crafted StarOffice/StarSuite document.
This issue is also described in the following document:
CVE CAN-2006-3117 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3117
This issue can occur in the following releases:
Note: StarOffice 5.x will not be evaluated regarding the potential impact of the issue described in this Sun Alert.
To determine the version of StarOffice installed on a system, the following command can be run (for /<staroffice program dir>/program/bootstraprc):
% cat bootstraprc | grep Product ProductKey=StarOffice 8 ProductPatch=(Product Update 2)
Or using the GUI, do the following (with StarOffice/StarSuite open):
The version is displayed first in the "about" text.
There are no predictable symptoms that would indicate this issue has been exploited to execute code with the privileges of a local user.
There is no workaround to this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
This solution has no attachment