Critical bugs plague StarOffice, OpenOffice suites

By posting this, I am not trying to state that OpenOffice / StarOffice is in any worse condition than MS Office from a security standpoint. This article merely indicates that security flaws happen also in Open Source software and as shown impacts both StarOffice and OpenOffice at the same time. I have seen no news on exploits of these bugs yet …

March 27, 2007 (Computerworld) — Bugs in Sun Microsystems Inc.’s StarOffice and OpenOffice.org’s OpenOffice application suites allow attackers to snatch control of a computer by serving up malicious documents or URLs, the two organizations said yesterday.

The flaws are in StarOffice’s StarCalc spreadsheet and in how the suite handles URLs, said Sun in two advisories posted to its Web site. Neither vulnerability has been patched, and Sun had no workaround or temporary defense recommendations. Nor could Sun immediately provide a patch delivery date.

The Santa Clara, Calif., company did offer descriptions of both bugs, however. “A security vulnerability with the way StarOffice/StarSuite versions 6, 7 and 8 process StarCalc 1.0 documents (.sdc) may allow a remote unprivileged user (who provides a StarCalc document that is opened by a local user) the ability to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite,” the first vulnerability alert said.

“A security vulnerability with the way StarOffice/StarSuite 6, 7 and 8 process hyperlinks (URLs) in documents may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user the ability to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite,” said an advisory regarding the second bug.

Both vulnerabilities were tagged as “highly critical” by Danish bug tracker Secunia.

Source : Computerworld.com

Peter de Haas
Peter de Haas

Peter wordt gedreven door de grenzeloze mogelijkheden van technologische vooruitgang en heeft meer dan 35 jaar ervaring op het snijvlak van business en IT. Gedurende zijn carrière heeft hij talloze ontwikkelingen zien opkomen en de impact ervan op organisaties en mensen van dichtbij meegemaakt. Met een scherp oog voor het vinden van oplossingen waar anderen obstakels zien, heeft hij zich ontwikkeld tot een vertrouwde expert in digitale transformaties.

Met Designing a Better Workday. als zijn missie helpt Peter individuen, teams en organisaties nieuwe vaardigheden te ontwikkelen en baanbrekende oplossingen te implementeren die werk slimmer, efficiënter en betekenisvoller maken. Zijn inzichten en ervaring maken hem een gewaardeerde bron voor iedereen die technologische trends wil begrijpen en benutten.

Artikelen: 3841