Note: This is an archival copy of Security Sun Alert 231642 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1018997.1.
StarOffice 7 Software
StarOffice 8 Software
StarSuite 7 Software
StarSuite 8 Software
Date of Workaround Release
Date of Resolved Release
Security Vulnerability for OLE Files in StarOffice 7 and 8, StarSuite 7 and 8
1. ImpactA security vulnerability with the way StarOffice/StarSuite 7 and 8 process OLE files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite.
OLE is typically used with MS Office documents (these typically have names ending in 'doc', 'ppt', 'xls', etc.) but the issue might also occur with documents from StarOffice 5 and older versions (for example, with names ending in 'sdw', 'sdc', 'sdi', etc).
Sun acknowledges with thanks, an anonymous researcher working with the iDefense Vulnerability Contributor Program (VCP) at http://labs.idefense.com/vcp/.
This issue is described in the following:
CVE-2008-0320 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0320
2. Contributing FactorsThis issue can occur in the following releases:
To determine the version of StarOffice/StarSuite installed on a system, the following command can be run (for <program dir>/program/bootstraprc):
% grep Product bootstraprcOr using the GUI, do the following (with StarOffice/StarSuite open):
3. SymptomsThere are no predictable symptoms that would indicate this issue has occurred.
4. WorkaroundThere is no workaround for this issue. Please see the Resolution section below.
5. ResolutionThis issue is addressed in the following releases:
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
28-Apr-2008: Updated Resolution section to add link for Security Technical Instruction doc
01-May-2008: Updated Contributing Factors and Resolution sections, RESOLVED
This solution has no attachment