SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   StarOffice Vendors:   Sun
(Sun Issues Fix for StarOffice) OpenOffice Buffer Overflow in EMF Parser Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1021232
SecurityTracker URL:  http://securitytracker.com/id/1021232
CVE Reference:   CVE-2008-2238   (Links to External Site)
Updated:  Jul 20 2009
Original Entry Date:  Nov 14 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7, 8
Description:   A vulnerability was reported in OpenOffice.org Office Suite. A remote user can cause arbitrary code to be executed on the target user's system. Sun StarOffice is affected.

A remote user can create a specially crafted EMF file that, when loaded by the target user, will trigger a heap overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Version 3.0 is not affected.

An anonymous researcher reported this vulnerability via iDefense.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   Sun has issued a fix for StarOffice, which is affected by this vulnerability.

SPARC Platform

* StarOffice/StarSuite 7 with product patch 13 (patch 116519-17) or later
* StarOffice 8 with update 12 (patch 120185-17) or later
* StarSuite 8 with update 12 (patch 120189-17) or later

x86 Platform

* StarOffice/StarSuite 7 with product patch 13 (patch 117073-15) or later
* StarOffice 8 with update 12 (patch 120186-17) or later
* StarSuite 8 with update 12 (patch 120190-17) or later

Linux Platform

* StarOffice/StarSuite 7 with product patch 13 (patch 116518-17) or later
* StarOffice 8 with update 12 (patch 120184-16) or later
* StarSuite 8 with update 12 (patch 120188-16) or later

Windows Platform

* StarOffice/StarSuite 7 with product patch 13 (patch 116520-16) or later
* StarOffice 8 with update 12 (patch 120187-16) or later
* StarSuite 8 with update 12 (patch 120191-16) or later
* StarSuite 8 Impress Standalone without patch 128021-05

The Sun advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-66-243226-1

Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-66-243226-1 (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Oct 29 2008 OpenOffice Buffer Overflow in EMF Parser Lets Remote Users Execute Arbitrary Code



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC