Note: This is an archival copy of Security Sun Alert 231641 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1018996.1.
Date of Resolved Release
Security Vulnerability for ODF Text Documents Containing XForms in StarOffice 8/StarSuite 8
1. ImpactA security vulnerability with the way StarOffice/StarSuite 8 processes ODF text documents with XForms, using the 3rd party library ICU, may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite, or to cause a Denial Of Service (DoS) to the application (excessive memory consumption or application crash).
This issue is described in the following documents:
CVE-2007-4770 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4770
CVE-2007-4771 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4771
2. Contributing FactorsThis issue can occur in the following releases:
To determine the version of StarOffice/StarSuite installed on a system, the following command can be run (for <program dir>/program/bootstraprc):
% grep Product bootstraprcOr using the GUI, do the following (with StarOffice/StarSuite open):
3. SymptomsThere are no predictable symptoms that would indicate this issue has occurred.
4. WorkaroundThere is no workaround for this issue. Please see the Resolution section below.
5. ResolutionThis issue is addressed in the following releases:
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
StarOffice 8 Software
StarSuite 8 Software
This solution has no attachment