Note: This is an archival copy of Security Sun Alert 243226 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019663.1.
Date of Resolved Release
StarOffice 7 Software
StarSuite 7 Software
StarOffice 8 Software
StarSuite 8 Software
A security vulnerability with the way StarOffice/StarSuite 7 and 8 process EMF files:
A security vulnerability with the way StarOffice/StarSuite 7 and 8 process EMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite.
This issue is described in the following document:
CVE-2008-2238 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2238
Sun acknowledges with thanks, an anonymous researcher working with the iDefense VCP (http://labs.idefense.com/vcp/) for bringing this issue to our attention.
2. Contributing Factors
This issue can occur in the following releases:
To determine the version of StarOffice/StarSuite installed on a system, the following command can be run (for <program dir>/program/bootstraprc):
% grep Product bootstraprcOr by using the GUI, do the following (with StarOffice/StarSuite open):
There are no predictable symptoms that would indicate this issue has occurred
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment