Note: This is an archival copy of Security Sun Alert 242627 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019632.1.
StarOffice 7 Software
StarSuite 7 Software
StarOffice 8 Software
StarSuite 8 Software
Date of Resolved Release
A security vulnerability with the way StarOffice/StarSuite 7 and 8 process Windows Metafile (.wmf) files:
A security vulnerability with the way StarOffice/StarSuite 7 and 8 process Windows Metafile (.wmf) files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite.
This issue is described in the following document:
CVE-2008-2237 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2237
Sun acknowledges with thanks, an anonymous researcher working with the SureRun security team (http://www.SureRun.cn).
2. Contributing Factors
This issue can occur in the following releases:
To determine the version of StarOffice/StarSuite installed on a system, the following command can be run (for <program dir>/program/bootstraprc):
% grep Product bootstraprcOr by using the GUI, do the following (with StarOffice/StarSuite open):
There are no predictable symptoms that would indicate this issue has occurred.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment