By posting this, I am not trying to state that OpenOffice / StarOffice is in any worse condition than MS Office from a security standpoint. This article merely indicates that security flaws happen also in Open Source software and as shown impacts both StarOffice and OpenOffice at the same time. I have seen no news on exploits of these bugs yet …
…March 27, 2007 (Computerworld) — Bugs in Sun Microsystems Inc.’s StarOffice and OpenOffice.org’s OpenOffice application suites allow attackers to snatch control of a computer by serving up malicious documents or URLs, the two organizations said yesterday.
The flaws are in StarOffice’s StarCalc spreadsheet and in how the suite handles URLs, said Sun in two advisories posted to its Web site. Neither vulnerability has been patched, and Sun had no workaround or temporary defense recommendations. Nor could Sun immediately provide a patch delivery date.
The Santa Clara, Calif., company did offer descriptions of both bugs, however. “A security vulnerability with the way StarOffice/StarSuite versions 6, 7 and 8 process StarCalc 1.0 documents (.sdc) may allow a remote unprivileged user (who provides a StarCalc document that is opened by a local user) the ability to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite,” the first vulnerability alert said.
“A security vulnerability with the way StarOffice/StarSuite 6, 7 and 8 process hyperlinks (URLs) in documents may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user the ability to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite,” said an advisory regarding the second bug.
Both vulnerabilities were tagged as “highly critical” by Danish bug tracker Secunia.
Source : Computerworld.com
