Sun Issues Fix for StarOffice

(Sun Issues Fix for StarOffice) OpenOffice.org Bugs Let Java Scripts Escape the Sandbox, Macro Code Be Executed, or Arbitrary Code Be Executed on the Target System


Affected Version(s): StarOffice 6, 7, 8


Several vulnerabilities were reported in OpenOffice.org. A remote user can cause arbitrary code to be executed on the target user’s system. Sun StarOffice is affected.


A remote user can create a Java applet that, when loaded by the target user, will escape the Java ‘sandbox’ and gain full access to system resources with the privileges of the target user.


A remote user can create a specially crafted document that, when loaded by the target user, will cause arbitrary macro code to be executed with the privileges of the target user. Even systems that are configured to disable document macros are affected.


A remote user can create a specially crafted XML file that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.


The vulnerabilities were discovered through internal audits.


Impact:  A remote user can create a file that, when loaded by the target user, will execute arbitrary code or gain access to system resources on the target user’s system.


Solution: Sun has issued fixes for Sun StarOffice, which is affected by the OpenOffice.org vulnerabilities.


The Sun advisories are available at:


http://sunsolve.sun.com/search/document.do?assetkey=1-26-102475-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102490-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102501-1


http://securitytracker.com/alerts/2006/Jul/1016502.html
