Note: This is an archival copy of Security Sun Alert 201558 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001164.1. |
Category Security Release Phase Resolved StarOffice 7 Software StarOffice 6.0 Office Suite StarOffice 8 Software Bug Id 6442187, 6442204, 6445984 Date of Workaround Release 30-JUN-2006 Date of Resolved Release 14-JUL-2006 Impact It may be possible for a local or remote unprivileged user to crash StarOffice/StarSuite or to execute arbitrary commands with the privileges of a user running the StarOffice/StarSuite application by inducing that user to load a specially crafted StarOffice/StarSuite document. This issue is also described in the following document: CVE CAN-2006-3117 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3117 Contributing Factors This issue can occur in the following releases: SPARC Platform
x86 Platform
Linux Platform
Windows Platform
Note: StarOffice 5.x will not be evaluated regarding the potential impact of the issue described in this Sun Alert. To determine the version of StarOffice installed on a system, the following command can be run (for /<staroffice program dir>/program/bootstraprc): % cat bootstraprc | grep Product ProductKey=StarOffice 8 ProductPatch=(Product Update 2) Or using the GUI, do the following (with StarOffice/StarSuite open):
The version is displayed first in the "about" text. Symptoms There are no predictable symptoms that would indicate this issue has been exploited to execute code with the privileges of a local user. Workaround There is no workaround to this issue. Please see the Resolution section below. Resolution This issue is addressed in the following releases: SPARC Platform
x86 Platform
Linux Platform
Windows Platform
Modification History Date: 10-JUL-2006 10-Jul-2006:
Date: 14-JUL-2006 14-Jul-2006:
References120184-05120185-06 120186-06 120187-05 120188-05 120189-06 120190-06 120191-05 116518-11 116519-11 117073-09 116520-10 112885-05 112886-05 112887-05 112888-05 Attachments This solution has no attachment |
|