Sun Alert 102794 Due to a Security Vulnerability in StarOffice, Manipulated StarCalc 1.0 Files May Allow Arbitrary Code Execution

Product: StarOffice 7 Office Suite, StarOffice 6.0 Office Suite, StarOffice 8 Office Suite

A security vulnerability with the way StarOffice/StarSuite versions 6, 7 and 8 process StarCalc 1.0 documents (.sdc) may allow a remote unprivileged user (who provides a StarCalc document that is opened by a local user) the ability to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite.

Sun acknowledges, with thanks, John Heasman of NGS Software Ltd (www.ngssoftware.com) for bringing this issue to our attention.

This issue is also described in the following:

CVE-2007-0238 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0238

Avoidance: Patch
State: Resolved
First released: 26-Mar-2007
Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

This blog provides security vulnerability fix notifications relevant to third party software components distributed and supported as part of Oracle Products.
Summarized version of this blog is available as a mapping of CVEs and solutions.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
2
3
4
5
6
7
8
9
10
11
12
13
14
16
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today