Sun Alert 102794 Due to a Security Vulnerability in StarOffice, Manipulated StarCalc 1.0 Files May Allow Arbitrary Code Execution
By security on May 17, 2007
A security vulnerability with the way StarOffice/StarSuite versions 6, 7 and 8 process StarCalc 1.0 documents (.sdc) may allow a remote unprivileged user (who provides a StarCalc document that is opened by a local user) the ability to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite.
Sun acknowledges, with thanks, John Heasman of NGS Software Ltd (www.ngssoftware.com) for bringing this issue to our attention.
This issue is also described in the following:
CVE-2007-0238 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0238