Note: This is an archival copy of Security Sun Alert 263508 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020715.1.
Article ID : 1020715.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-12-03
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in StarOffice/StarSuite Related to Microsoft Word Document Handling may Lead to Arbitrary Code Execution



Category
Security

Release Phase
Resolved

Bug Id
6842152

Date of Resolved Release
15-Sep-2009

Security Vulnerability in StarOffice/StarSuite ...

1. Impact

A security vulnerability in StarOffice/StarSuite, related to Microsoft Word
document handling, may allow a remote unprivileged user to execute arbitrary
code on the system with the privileges of a local user running StarOffice/StarSuite,
if the local user opens a crafted Microsoft Word document provided by the remote user.

Sun acknowledges with thanks, Dyon Balding of Secunia Research
(http://secunia.com/secunia_research/) for bringing this issue
to our attention.

Additional information on this issue can be found at:

CVE-2009-0200 at
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0200

CVE-2009-0201 at
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0201


2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • StarOffice/StarSuite 7 without product patch 14 (patch 116519-18)
  • StarOffice 8 without update 13 (patch 120185-18)
  • StarSuite 8 without update 13 (patch 120189-18)
  • StarOffice 9 without update 3 (patch 142188-01)
  • StarSuite 9 without update 3 (patch 142189-01)

x86 Platform

  • StarOffice/StarSuite 7 without product patch 14 (patch 117073-16)
  • StarOffice 8 without update 13 (patch 120186-18)
  • StarSuite 8 without update 13 (patch 120190-18)
  • StarOffice 9 without update 3 (patch 142190-01)
  • StarSuite 9 without update 3 (patch 142191-01)

Linux Platform

  • StarOffice/StarSuite 7 without product patch 14 (patch 116518-18)
  • StarOffice 8 without update 13 (patch 120184-17)
  • StarSuite 8 without update 13 (patch 120188-17)
  • StarOffice 9 without update 3 (patch 142212-01)
  • StarSuite 9 without update 3 (patch 142213-01

Windows Platform

  • StarOffice/StarSuite 7 without product patch 14 for Windows (patch 116520-17)
  • StarOffice 8 without update 13 (patch 120187-17)
  • StarSuite 8 without update 13 (patch 120191-17)
  • StarSuite 8 Impress Standalone without update 13 for Windows (patch 128021-05)
  • StarOffice 9 (ar) without update 3 (patch 142193-01)
  • StarOffice 9 (en-US) without update 3 (patch 142194-01) 
  • StarOffice 9 (de) without update 3 (patch 142195-01)
  • StarOffice 9 (es) without update 3 (patch 142196-01)
  • StarOffice 9 (it) without update 3 (patch 142197-01)
  • StarOffice 9 (fr) without update 3 (patch 142198-01)
  • StarOffice 9 (sv) without update 3 (patch 142199-01)
  • StarOffice 9 (nl) without update 3 (patch 142200-01)
  • StarOffice 9 (hu) without update 3 (patch 142201-01)
  • StarOffice 9 (ru) without update 3 (patch 142202-01)
  • StarOffice 9 (pl) without update 3 (patch 142203-01)
  • StarOffice 9 (pt) without update 3 (patch 142204-01)
  • StarOffice 9 (pt-BR) without update 3 (patch 142205-01)
  • StarOffice 9 (en-US, de, es, it, fr, sv, nl, hu, ru, pl, pt,pt-BR, ar) without update 3 (patch 142206-01)
  • StarSuite 9 (ja) without update 3 (patch 142207-01)
  • StarSuite 9 (ko) without update 3 (patch 142208-01)
  • StarSuite 9 (zh-CN) without update 3 (patch 142209-01)
  • StarSuite 9 (zh-TW) without update 3 (patch 142210-01)
  • StarSuite 9 (en-US, ja, ko, zh-CN, zh-TW) without update 3 (patch 142211-01)

Mac OSX x86 Platform

  • StarOffice 9 (ar) without update 3 (patch 142214-01)
  • StarOffice 9 (en-US) without update 3 (patch 142215-01) 
  • StarOffice 9 (de) without update 3 (patch 142216-01)
  • StarOffice 9 (es) without update 3 (patch 142217-01)
  • StarOffice 9 (it) without update 3 (patch 142218-01)
  • StarOffice 9 (fr) without update 3 (patch 142219-01)
  • StarOffice 9 (sv) without update 3 (patch 142220-01)
  • StarOffice 9 (nl) without update 3 (patch 142221-01)
  • StarOffice 9 (hu) without update 3 (patch 142222-01)
  • StarOffice 9 (ru) without update 3 (patch 142223-01)
  • StarOffice 9 (pl) without update 3 (patch 142224-01)
  • StarOffice 9 (pt) without update 3 (patch 142225-01)
  • StarOffice 9 (pt-BR) without update 3 (patch 142226-01)
  • StarOffice 9 (en-US, de, es, it, fr, sv, nl, hu, ru, pl, pt,pt-BR, ar) without update 3 (patch 142227-01)
  • StarSuite 9 (ja) without update 3 (patch 142228-01)
  • StarSuite 9 (ko) without update 3 (patch 1422229-01)
  • StarSuite 9 (zh-CN) without update 3 (patch 142230-01)
  • StarSuite 9 (zh-TW) without update 3 (patch 142231-01)
  • StarSuite 9 (en-US, ja, ko, zh-CN, zh-TW) without update 3 (patch 142232-01)

Note: Earlier versions of StarOffice/StarSuite are no longer
supported and will not be evaluated regarding this issue.

To determine the version of StarOffice/StarSuite installed on a
system, the following command can be executed:

		% grep Product <program-dir>/program/bootstraprc
 ProductKey=StarOffice 9
ProductPatch=(Product Update 3)

where <program-dir> is the path to the StarOffice/StarSuite
installation directory.

The version of StarOffice/StarSutie can also be determined in
the GUI using the following steps:

1. Open the "Help" menu
2. Choose "About StarOffice" (StarSuite)


3. Symptoms

There are no predictable symptoms that would indicate this issue has occurred.


4. Relief/Workaround

To workaround the described issue, do not load Microsoft Word documents from untrusted sources.



5. Resolution

This issue is addressed in the following releases:

SPARC Platform

  • StarOffice/StarSuite 7 with product patch 14 (patch 116519-18) or later
  • StarOffice 8 with update 13 (patch 120185-18) or later
  • StarSuite 8 with update 13 (patch 120189-18) or later
  • StarOffice 9 with update 3 (patch 142188-01) or later
  • StarSuite 9 with update 3 (patch 142189-01) or later

x86 Platform

  • StarOffice/StarSuite 7 with product patch 14 (patch 117073-16) or later
  • StarOffice 8 with update 13 (patch 120186-18) or later
  • StarSuite 8 with update 13 (patch 120190-18) or later
  • StarOffice 9 with update 3 (patch 142190-01) or later
  • StarSuite 9 with update 3 (patch 142191-01) or later

Linux Platform

  • StarOffice/StarSuite 7 with product patch 14 (patch 116518-18) or later
  • StarOffice 8 with update 13 (patch 120184-17) or later
  • StarSuite 8 with update 13 (patch 120188-17) or later
  • StarOffice 9 with update 3 (patch 142212-01) or later
  • StarSuite 9 with update 3 (patch 142213-01 or later

Windows Platform

  • StarOffice/StarSuite 7 with product patch 14 for Windows (patch 116520-17) or later
  • StarOffice 8 with update 13 (patch 120187-17) or later
  • StarSuite 8 with update 13 (patch 120191-17) or later
  • StarSuite 8 Impress Standalone with update 13 for Windows (patch 128021-05) or later
  • StarOffice 9 (ar) with update 3 (patch 142193-01) or later
  • StarOffice 9 (en-US) with update 3 (patch 142194-01) or later
  • StarOffice 9 (de) with update 3 (patch 142195-01) or later
  • StarOffice 9 (es) with update 3 (patch 142196-01) or later
  • StarOffice 9 (it) with update 3 (patch 142197-01) or later
  • StarOffice 9 (fr) with update 3 (patch 142198-01) or later
  • StarOffice 9 (sv) with update 3 (patch 142199-01) or later
  • StarOffice 9 (nl) with update 3 (patch 142200-01) or later
  • StarOffice 9 (hu) with update 3 (patch 142201-01) or later
  • StarOffice 9 (ru) with update 3 (patch 142202-01) or later
  • StarOffice 9 (pl) with update 3 (patch 142203-01) or later
  • StarOffice 9 (pt) with update 3 (patch 142204-01) or later
  • StarOffice 9 (pt-BR) with update 3 (patch 142205-01) or later
  • StarOffice 9 (en-US, de, es, it, fr, sv, nl, hu, ru, pl, pt,pt-BR, ar) with update 3 (patch 142206-01) or later
  • StarSuite 9 (ja) with update 3 (patch 142207-01) or later
  • StarSuite 9 (ko) with update 3 (patch 142208-01) or later
  • StarSuite 9 (zh-CN) with update 3 (patch 142209-01) or later
  • StarSuite 9 (zh-TW) with update 3 (patch 142210-01) or later
  • StarSuite 9 (en-US, ja, ko, zh-CN, zh-TW) with update 3 (patch 142211-01) or later

Mac OSX x86 Platform

  • StarOffice 9 (ar) with update 3 (patch 142214-01) or later
  • StarOffice 9 (en-US) with update 3 (patch 142215-01) or later
  • StarOffice 9 (de) with update 3 (patch 142216-01) or later
  • StarOffice 9 (es) with update 3 (patch 142217-01) or later
  • StarOffice 9 (it) with update 3 (patch 142218-01) or later
  • StarOffice 9 (fr) with update 3 (patch 142219-01) or later
  • StarOffice 9 (sv) with update 3 (patch 142220-01) or later
  • StarOffice 9 (nl) with update 3 (patch 142221-01) or later
  • StarOffice 9 (hu) with update 3 (patch 142222-01) or later
  • StarOffice 9 (ru) with update 3 (patch 142223-01) or later
  • StarOffice 9 (pl) with update 3 (patch 142224-01) or later
  • StarOffice 9 (pt) with update 3 (patch 142225-01) or later
  • StarOffice 9 (pt-BR) with update 3 (patch 142226-01) or later
  • StarOffice 9 (en-US, de, es, it, fr, sv, nl, hu, ru, pl, pt,pt-BR, ar) with update 3 (patch 142227-01) or later
  • StarSuite 9 (ja) with update 3 (patch 142228-01) or later
  • StarSuite 9 (ko) with update 3 (patch 1422229-01) or later
  • StarSuite 9 (zh-CN) with update 3 (patch 142230-01) or later
  • StarSuite 9 (zh-TW) with update 3 (patch 142231-01) or later
  • StarSuite 9 (en-US, ja, ko, zh-CN, zh-TW) with update 3 (patch 142232-01) or later


For more information on Security Sun Alerts, see

StarOffice 8 Software
StarOffice 9 Software








116520-17, 120187-17, 120191-17, 128021-05, 142193-01, 142194-01,
142195-01, 142196-01, 142197-01, 142198-01, 142199-01, 142200-01,
142201-01, 142202-01, 142203-01, 142204-01, 142205-01, 142206-01,
142207-01, 142208-01, 142209-01, 142210-01, 142211-01, 116518-18,
120184-17, 120188-17, 142212-01, 142213-01,142214-01, 142215-01,
142216-01, 142217-01, 142218-01, 142219-01, 142220-01, 142221-01,
142222-01, 142223-01, 142224-01, 142225-01, 142226-01, 142227-01,
142228-01, 142229-01, 142230-01, 142231-01, 142232-01, 116519-18,
120185-18, 120189-18, 142188-01, 142189-01, 117073-16, 120186-18,
120190-18, 142190-01, 142191-01



Attachments

This solution has no attachment