Note: This is an archival copy of Security Sun Alert 201774 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001313.1. |
Category Security Release Phase Resolved StarOffice 7 Software StarOffice 8 Software Bug Id 6438334, 6438461 Date of Workaround Release 30-JUN-2006 Date of Resolved Release 10-JUL-2006 Impact A security vulnerability in StarOffice/StarSuite may make it possible to inject basic code into documents which is executed upon loading of the document. The user will not be asked or notified and the macro will have full access to system resources with current user's privileges. As a result, the macro may delete/replace system files, read/send private data and/or cause additional security issues. Note: Disabling document macros will not prevent this issue. This issue is also described in CVE CAN-2006-2198 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2198 Contributing Factors This issue can occur in the following releases: SPARC Platform
x86 Platform
Linux Platform
Windows
Note: StarOffice 6.0 is not affected by this issue. StarOffice 5.x will not be evaluated regarding the potential impact of this issue. Symptoms There are no predictable symptoms that would indicate the described issue has been exploited. Workaround There is no workaround. Please see the "Resolution" section below. Resolution This issue is addressed in the following releases: SPARC Platform
x86 Platform
Linux Platform
Windows
Modification History Date: 10-JUL-2006
Date: 19-JUL-2006
References116520-10116518-11 120191-05 120190-06 120189-06 120188-05 120187-05 120186-06 120185-06 120184-05 116519-11 117073-09 Attachments This solution has no attachment |
|