The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 102794 Due to a Security Vulnerability in StarOffice, Manipulated StarCalc 1.0 Files May Allow Arbitrary Code Execution

Guest Author
Product: StarOffice 7 Office Suite, StarOffice 6.0 Office Suite, StarOffice 8 Office Suite

A security vulnerability with the way StarOffice/StarSuite versions 6, 7 and 8 process StarCalc 1.0 documents (.sdc) may allow a remote unprivileged user (who provides a StarCalc document that is opened by a local user) the ability to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite.

Sun acknowledges, with thanks, John Heasman of NGS Software Ltd (www.ngssoftware.com) for bringing this issue to our attention.

This issue is also described in the following:

CVE-2007-0238 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0238

Avoidance: Patch
State: Resolved
First released: 26-Mar-2007

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.