Article ID : |
1020715.1 |
Article Type : |
Sun Alerts (SURE) |
Last reviewed : |
2010-12-03 |
Audience : |
PUBLIC |
Copyright Notice: |
Copyright © 2010, Oracle Corporation and/or its affiliates. |
Security Vulnerability in StarOffice/StarSuite Related to Microsoft Word Document Handling may Lead to Arbitrary Code Execution
|
Category Security
Release Phase Resolved
Bug Id
6842152
Date of Resolved Release15-Sep-2009
Security Vulnerability in StarOffice/StarSuite ...
1. Impact
A security vulnerability in StarOffice/StarSuite, related to
Microsoft Word
document handling, may allow a remote unprivileged user to execute
arbitrary
code on the system with the privileges of a local user running
StarOffice/StarSuite,
if the local user opens a crafted Microsoft Word document provided by
the remote user.
Sun acknowledges with thanks, Dyon Balding of Secunia Research
(http://secunia.com/secunia_research/)
for bringing this issue
to our attention.
Additional information on this issue can be found at:
CVE-2009-0200 at
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0200
CVE-2009-0201 at
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0201
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- StarOffice/StarSuite 7 without product patch 14 (patch 116519-18)
- StarOffice 8 without update 13 (patch 120185-18)
- StarSuite 8 without update 13 (patch 120189-18)
- StarOffice 9 without update 3 (patch 142188-01)
- StarSuite 9 without update 3 (patch 142189-01)
x86 Platform
- StarOffice/StarSuite 7 without product patch 14 (patch 117073-16)
- StarOffice 8 without update 13 (patch 120186-18)
- StarSuite 8 without update 13 (patch 120190-18)
- StarOffice 9 without update 3 (patch 142190-01)
- StarSuite 9 without update 3 (patch 142191-01)
Linux Platform
- StarOffice/StarSuite 7 without product patch 14 (patch 116518-18)
- StarOffice 8 without update 13 (patch 120184-17)
- StarSuite 8 without update 13 (patch 120188-17)
- StarOffice 9 without update 3 (patch 142212-01)
- StarSuite 9 without update 3 (patch 142213-01
Windows Platform
- StarOffice/StarSuite 7 without product patch 14 for Windows
(patch 116520-17)
- StarOffice 8 without update 13 (patch 120187-17)
- StarSuite 8 without update 13 (patch 120191-17)
- StarSuite 8 Impress Standalone without update 13 for Windows
(patch 128021-05)
- StarOffice 9 (ar) without update 3 (patch 142193-01)
- StarOffice 9 (en-US) without update 3 (patch 142194-01)
- StarOffice 9 (de) without update 3 (patch 142195-01)
- StarOffice 9 (es) without update 3 (patch 142196-01)
- StarOffice 9 (it) without update 3 (patch 142197-01)
- StarOffice 9 (fr) without update 3 (patch 142198-01)
- StarOffice 9 (sv) without update 3 (patch 142199-01)
- StarOffice 9 (nl) without update 3 (patch 142200-01)
- StarOffice 9 (hu) without update 3 (patch 142201-01)
- StarOffice 9 (ru) without update 3 (patch 142202-01)
- StarOffice 9 (pl) without update 3 (patch 142203-01)
- StarOffice 9 (pt) without update 3 (patch 142204-01)
- StarOffice 9 (pt-BR) without update 3 (patch 142205-01)
- StarOffice 9 (en-US, de, es, it, fr, sv, nl, hu, ru, pl, pt,pt-BR,
ar) without update 3 (patch 142206-01)
- StarSuite 9 (ja) without update 3 (patch 142207-01)
- StarSuite 9 (ko) without update 3 (patch 142208-01)
- StarSuite 9 (zh-CN) without update 3 (patch 142209-01)
- StarSuite 9 (zh-TW) without update 3 (patch 142210-01)
- StarSuite 9 (en-US, ja, ko, zh-CN, zh-TW) without update 3 (patch
142211-01)
Mac OSX x86 Platform
- StarOffice 9 (ar) without update 3 (patch 142214-01)
- StarOffice 9 (en-US) without update 3 (patch 142215-01)
- StarOffice 9 (de) without update 3 (patch 142216-01)
- StarOffice 9 (es) without update 3 (patch 142217-01)
- StarOffice 9 (it) without update 3 (patch 142218-01)
- StarOffice 9 (fr) without update 3 (patch 142219-01)
- StarOffice 9 (sv) without update 3 (patch 142220-01)
- StarOffice 9 (nl) without update 3 (patch 142221-01)
- StarOffice 9 (hu) without update 3 (patch 142222-01)
- StarOffice 9 (ru) without update 3 (patch 142223-01)
- StarOffice 9 (pl) without update 3 (patch 142224-01)
- StarOffice 9 (pt) without update 3 (patch 142225-01)
- StarOffice 9 (pt-BR) without update 3 (patch 142226-01)
- StarOffice 9 (en-US, de, es, it, fr, sv, nl, hu, ru, pl,
pt,pt-BR, ar) without update 3 (patch 142227-01)
- StarSuite 9 (ja) without update 3 (patch 142228-01)
- StarSuite 9 (ko) without update 3 (patch 1422229-01)
- StarSuite 9 (zh-CN) without update 3 (patch 142230-01)
- StarSuite 9 (zh-TW) without update 3 (patch 142231-01)
- StarSuite 9 (en-US, ja, ko, zh-CN, zh-TW) without update 3 (patch
142232-01)
Note: Earlier versions of StarOffice/StarSuite are no longer
supported and will not be evaluated regarding this issue.
To determine the version of StarOffice/StarSuite installed on a
system, the following command can be executed:
% grep Product <program-dir>/program/bootstraprc ProductKey=StarOffice 9 ProductPatch=(Product Update 3)
where <program-dir> is the path to the StarOffice/StarSuite
installation directory.
The version of StarOffice/StarSutie can also be determined in
the GUI using the following steps:
1. Open the "Help" menu
2. Choose "About StarOffice" (StarSuite)
3. Symptoms
There are no predictable symptoms that would indicate this issue has
occurred.
4. Relief/Workaround
To workaround the described issue, do not load Microsoft Word
documents from untrusted sources.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
- StarOffice/StarSuite 7 with product patch 14 (patch 116519-18) or
later
- StarOffice 8 with update 13 (patch 120185-18) or later
- StarSuite 8 with update 13 (patch 120189-18) or later
- StarOffice 9 with update 3 (patch 142188-01) or later
- StarSuite 9 with update 3 (patch 142189-01) or later
x86 Platform
- StarOffice/StarSuite 7 with product patch 14 (patch 117073-16) or
later
- StarOffice 8 with update 13 (patch 120186-18) or later
- StarSuite 8 with update 13 (patch 120190-18) or later
- StarOffice 9 with update 3 (patch 142190-01) or later
- StarSuite 9 with update 3 (patch 142191-01) or later
Linux Platform
- StarOffice/StarSuite 7 with product patch 14 (patch 116518-18) or
later
- StarOffice 8 with update 13 (patch 120184-17) or later
- StarSuite 8 with update 13 (patch 120188-17) or later
- StarOffice 9 with update 3 (patch 142212-01) or later
- StarSuite 9 with update 3 (patch 142213-01 or later
Windows Platform
- StarOffice/StarSuite 7 with product patch 14 for Windows
(patch 116520-17) or later
- StarOffice 8 with update 13 (patch 120187-17) or later
- StarSuite 8 with update 13 (patch 120191-17) or later
- StarSuite 8 Impress Standalone with update 13 for Windows
(patch 128021-05) or later
- StarOffice 9 (ar) with update 3 (patch 142193-01) or later
- StarOffice 9 (en-US) with update 3 (patch 142194-01) or later
- StarOffice 9 (de) with update 3 (patch 142195-01) or later
- StarOffice 9 (es) with update 3 (patch 142196-01) or later
- StarOffice 9 (it) with update 3 (patch 142197-01) or later
- StarOffice 9 (fr) with update 3 (patch 142198-01) or later
- StarOffice 9 (sv) with update 3 (patch 142199-01) or later
- StarOffice 9 (nl) with update 3 (patch 142200-01) or later
- StarOffice 9 (hu) with update 3 (patch 142201-01) or later
- StarOffice 9 (ru) with update 3 (patch 142202-01) or later
- StarOffice 9 (pl) with update 3 (patch 142203-01) or later
- StarOffice 9 (pt) with update 3 (patch 142204-01) or later
- StarOffice 9 (pt-BR) with update 3 (patch 142205-01) or later
- StarOffice 9 (en-US, de, es, it, fr, sv, nl, hu, ru, pl,
pt,pt-BR, ar) with update 3 (patch 142206-01) or later
- StarSuite 9 (ja) with update 3 (patch 142207-01) or later
- StarSuite 9 (ko) with update 3 (patch 142208-01) or later
- StarSuite 9 (zh-CN) with update 3 (patch 142209-01) or later
- StarSuite 9 (zh-TW) with update 3 (patch 142210-01) or later
- StarSuite 9 (en-US, ja, ko, zh-CN, zh-TW) with update 3 (patch
142211-01) or later
Mac OSX x86 Platform
- StarOffice 9 (ar) with update 3 (patch 142214-01) or later
- StarOffice 9 (en-US) with update 3 (patch 142215-01) or later
- StarOffice 9 (de) with update 3 (patch 142216-01) or later
- StarOffice 9 (es) with update 3 (patch 142217-01) or later
- StarOffice 9 (it) with update 3 (patch 142218-01) or later
- StarOffice 9 (fr) with update 3 (patch 142219-01) or later
- StarOffice 9 (sv) with update 3 (patch 142220-01) or later
- StarOffice 9 (nl) with update 3 (patch 142221-01) or later
- StarOffice 9 (hu) with update 3 (patch 142222-01) or later
- StarOffice 9 (ru) with update 3 (patch 142223-01) or later
- StarOffice 9 (pl) with update 3 (patch 142224-01) or later
- StarOffice 9 (pt) with update 3 (patch 142225-01) or later
- StarOffice 9 (pt-BR) with update 3 (patch 142226-01) or later
- StarOffice 9 (en-US, de, es, it, fr, sv, nl, hu, ru, pl,
pt,pt-BR, ar) with update 3 (patch 142227-01) or later
- StarSuite 9 (ja) with update 3 (patch 142228-01) or later
- StarSuite 9 (ko) with update 3 (patch 1422229-01) or later
- StarSuite 9 (zh-CN) with update 3 (patch 142230-01) or later
- StarSuite 9 (zh-TW) with update 3 (patch 142231-01) or later
- StarSuite 9 (en-US, ja, ko, zh-CN, zh-TW) with update 3 (patch
142232-01) or later
For more information on Security Sun Alerts, see
StarOffice 8 Software
StarOffice 9 Software
116520-17, 120187-17, 120191-17, 128021-05, 142193-01, 142194-01, 142195-01, 142196-01, 142197-01, 142198-01, 142199-01, 142200-01, 142201-01, 142202-01, 142203-01, 142204-01, 142205-01, 142206-01, 142207-01, 142208-01, 142209-01, 142210-01, 142211-01, 116518-18, 120184-17, 120188-17, 142212-01, 142213-01,142214-01, 142215-01, 142216-01, 142217-01, 142218-01, 142219-01, 142220-01, 142221-01, 142222-01, 142223-01, 142224-01, 142225-01, 142226-01, 142227-01, 142228-01, 142229-01, 142230-01, 142231-01, 142232-01, 116519-18, 120185-18, 120189-18, 142188-01, 142189-01, 117073-16, 120186-18, 120190-18, 142190-01, 142191-01
Attachments This solution has no attachment
|