Advisories
Vulnerability Database
PoC
Viruses
Research Lab
Sun Microsystems

Security Vulnerability in StarOffice/StarSuite 8 and 9 Related to XML Document Processing may Lead to Arbitrary Code Execution

23 september, 2009

Document Audience: PUBLIC
Document ID: 266088
Title: Security Vulnerability in StarOffice/StarSuite 8 and 9 Related to XML Document Processing may Lead to Arbitrary Code Execution
Copyright Notice: Copyright © 2009 Sun Microsystems, Inc. All Rights Reserved
Update Date: Fri Sep 18 00:00:00 MDT 2009
Solution Type Sun Alert

Solution  266088 :   Security Vulnerability in StarOffice/StarSuite 8 and 9 Related to XML Document Processing may Lead to Arbitrary Code Execution  

Bug ID

6872499

Product

StarOffice/StarSuite 8 StarOffice/StarSuite 9

Date of Resolved Release

18-Sep-2009

SA Document Body

Security Vulnerability in StarOffice/StarSuite 8 and 9, Related to XML Document Processing ...

1. Impact

A security vulnerability in StarOffice/StarSuite 8 and 9, related to XML document processing,
may allow a remote unprivileged user to execute arbitrary code on the system with the
privileges of a local user running StarOffice/StarSuite, if the local user opens crafted XML
documents provided by the remote user. This also includes documents in the OpenDocument
format (ODF), the default format used by StarOffice/StarSuite.

This issue is also referenced in the following documents:
2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform
  • StarOffice 8 without update 14 (patch 120185-19)
  • StarSuite 8 without update 14 (patch 120189-19)
  • StarOffice 9 without update 3 (patch 142188-01)
  • StarSuite 9 without update 3 (patch 142189-01)
x86 Platform
  • StarOffice 8 without update 14 (patch 120186-19)
  • StarSuite 8 without update 14 (patch 120190-19)
  • StarOffice 9 without update 3 (patch 142190-01)
  • StarSuite 9 without update 3 (patch 142191-01)
Linux Platform
  • StarOffice 8 without update 14 (patch 120184-18)
  • StarSuite 8 without update 14 (patch 120188-18)
  • StarOffice 9 without update 3 (patch 142212-01)
  • StarSuite 9 without update 3 (patch 142213-01)
Windows Platform

  • StarOffice 8 without update 14 (patch 120187-18)
  • StarSuite 8 without update 14 (patch 120191-18)
  • StarSuite 8 Impress Standalone without update 14 for Windows (patch 128021-06)
  • StarOffice 9 (ar) without update 3 (patch 142193-01)
  • StarOffice 9 (en-US) without update 3 (patch 142194-01)
  • StarOffice 9 (de) without update 3 (patch 142195-01)
  • StarOffice 9 (es) without update 3 (patch 142196-01)
  • StarOffice 9 (it) without update 3 (patch 142197-01)
  • StarOffice 9 (fr) without update 3 (patch 142198-01)
  • StarOffice 9 (sv) without update 3 (patch 142199-01)
  • StarOffice 9 (nl) without update 3 (patch 142200-01)
  • StarOffice 9 (hu) without update 3 (patch 142201-01)
  • StarOffice 9 (ru) without update 3 (patch 142202-01)
  • StarOffice 9 (pl) without update 3 (patch 142203-01)
  • StarOffice 9 (pt) without update 3 (patch 142204-01)
  • StarOffice 9 (pt-BR) without update 3 (patch 142205-01)
  • StarOffice 9 (en-US, de, es, it, fr, sv, nl, hu, ru, pl, pt, pt-BR, ar) without update 3 (patch 142206-01)
  • StarSuite 9 (ja) without update 3 (patch 142207-01)
  • StarSuite 9 (ko) without update 3 (patch 142208-01)
  • StarSuite 9 (zh-CN) without update 3 (patch 142209-01)
  • StarSuite 9 (zh-TW) without update 3 (patch 142210-01)
  • StarSuite 9 (en-US, ja, ko, zh-CN, zh-TW) without update 3 (patch 142211-01)

    Mac OSX x86 Platform
    • StarOffice 9 (ar) without update 3 (patch 142214-01)
    • StarOffice 9 (en-US) without update 3 (patch 142215-01)
    • StarOffice 9 (de) without update 3 (patch 142216-01)
    • StarOffice 9 (es) without update 3 (patch 142217-01)
    • StarOffice 9 (it) without update 3 (patch 142218-01)
    • StarOffice 9 (fr) without update 3 (patch 142219-01)
    • StarOffice 9 (sv) without update 3 (patch 142220-01)
    • StarOffice 9 (nl) without update 3 (patch 142221-01)
    • StarOffice 9 (hu) without update 3 (patch 142222-01)
    • StarOffice 9 (ru) without update 3 (patch 142223-01)
    • StarOffice 9 (pl) without update 3 (patch 142224-01)
    • StarOffice 9 (pt) without update 3 (patch 142225-01)
    • StarOffice 9 (pt-BR) without update 3 (patch 142226-01)
    • StarOffice 9 (en-US, de, es, it, fr, sv, nl, hu, ru, pl, pt, pt-BR, ar) without update 3 (patch 142227-01)
    • StarSuite 9 (ja) without update 3 (patch 142228-01)
    • StarSuite 9 (ko) without update 3 (patch 142229-01)
    • StarSuite 9 (zh-CN) without update 3 (patch 142230-01)
    • StarSuite 9 (zh-TW) without update 3 (patch 142231-01)
    • StarSuite 9 (en-US, ja, ko, zh-CN, zh-TW) without update 3 (patch142232-01)

    Note 1: StarOffice/StarSuite 7 are not impacted by this issue.

    Note 2:  Earlier versions of StarOffice/StarSuite are no longer
    supported and will not be evaluated regarding this issue.

    To determine the version of StarOffice/StarSuite installed on a
    system, the following command can be executed:

    % grep Product <program-dir>/program/bootstraprc
    ProductKey=StarOffice 9
    ProductPatch=(Product Update 3)

    where <program-dir> is the path to the StarOffice/StarSuite installation directory.

    The version of StarOffice/StarSutie can also be determined in the GUI using the following steps:

    1. Open the "Help" menu
    2. Choose "About StarOffice" (StarSuite)



    3. Symptoms

    There are no predictable symptoms that would indicate this issue has occurred.

    4. Workaround

    To workaround the described issues, do not load documents from untrusted sources.



    5. Resolution

    This issue is addressed in the following releases:

    SPARC Platform
    • StarOffice 8 with update 14 (patch 120185-19) or later
    • StarSuite 8 with update 14 (patch 120189-19) or later
    • StarOffice 9 with update 3 (patch 142188-01) or later
    • StarSuite 9 with update 3 (patch 142189-01) or later
    x86 Platform
    • StarOffice 8 with update 14 (patch 120186-19) or later
    • StarSuite 8 with update 14 (patch 120190-19) or later
    • StarOffice 9 with update 3 (patch 142190-01) or later
    • StarSuite 9 with update 3 (patch 142191-01) or later
    Linux Platform
    • StarOffice 8 with update 14 (patch 120184-18) or later
    • StarSuite 8 with update 14 (patch 120188-18) or later
    • StarOffice 9 with update 3 (patch 142212-01) or later
    • StarSuite 9 with update 3 (patch 142213-01) or later
    Windows Platform
  • StarOffice 8 with update 14 (patch 120187-18) or later
  • StarSuite 8 with update 14 (patch 120191-18) or later
  • StarSuite 8 Impress Standalone with update 14 for Windows (patch 128021-06) or later
  • StarOffice 9 (ar) with update 3 (patch 142193-01) or later
  • StarOffice 9 (en-US) with update 3 (patch 142194-01) or later
  • StarOffice 9 (de) with update 3 (patch 142195-01) or later
  • StarOffice 9 (es) with update 3 (patch 142196-01) or later
  • StarOffice 9 (it) with update 3 (patch 142197-01) or later
  • StarOffice 9 (fr) with update 3 (patch 142198-01) or later
  • StarOffice 9 (sv) with update 3 (patch 142199-01) or later
  • StarOffice 9 (nl) with update 3 (patch 142200-01) or later
  • StarOffice 9 (hu) with update 3 (patch 142201-01) or later
  • StarOffice 9 (ru) with update 3 (patch 142202-01) or later
  • StarOffice 9 (pl) with update 3 (patch 142203-01) or later
  • StarOffice 9 (pt) with update 3 (patch 142204-01) or later
  • StarOffice 9 (pt-BR) with update 3 (patch 142205-01) or later
  • StarOffice 9 (en-US, de, es, it, fr, sv, nl, hu, ru, pl, pt, pt-BR, ar) with update 3 (patch 142206-01) or later
  • StarSuite 9 (ja) with update 3 (patch 142207-01) or later
  • StarSuite 9 (ko) with update 3 (patch 142208-01) or later
  • StarSuite 9 (zh-CN) with update 3 (patch 142209-01) or later
  • StarSuite 9 (zh-TW) with update 3 (patch 142210-01) or later
  • StarSuite 9 (en-US, ja, ko, zh-CN, zh-TW) with update 3 (patch 142211-01) or later

    Mac OSX x86 Platform
    • StarOffice 9 (ar) with update 3 (patch 142214-01) or later
    • StarOffice 9 (en-US) with update 3 (patch 142215-01) or later
    • StarOffice 9 (de) with update 3 (patch 142216-01) or later
    • StarOffice 9 (es) with update 3 (patch 142217-01) or later
    • StarOffice 9 (it) with update 3 (patch 142218-01) or later
    • StarOffice 9 (fr) with update 3 (patch 142219-01) or later
    • StarOffice 9 (sv) with update 3 (patch 142220-01) or later
    • StarOffice 9 (nl) with update 3 (patch 142221-01) or later
    • StarOffice 9 (hu) with update 3 (patch 142222-01) or later
    • StarOffice 9 (ru) with update 3 (patch 142223-01) or later
    • StarOffice 9 (pl) with update 3 (patch 142224-01) or later
    • StarOffice 9 (pt) with update 3 (patch 142225-01) or later
    • StarOffice 9 (pt-BR) with update 3 (patch 142226-01) or later
    • StarOffice 9 (en-US, de, es, it, fr, sv, nl, hu, ru, pl, pt, pt-BR, ar) with update 3 (patch 142227-01) or later
    • StarSuite 9 (ja) with update 3 (patch 142228-01) or later
    • StarSuite 9 (ko) with update 3 (patch 142229-01) or later
    • StarSuite 9 (zh-CN) with update 3 (patch 142230-01) or later
    • StarSuite 9 (zh-TW) with update 3 (patch 142231-01) or later
    • StarSuite 9 (en-US, ja, ko, zh-CN, zh-TW) with update 3 (patch142232-01) or later

    For more information on Security Sun Alerts, see Technical Instruction ID 213557.

    This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.

    Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
Search
National Vulnerability Database

CVE-2012-0834

Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.

10 february, 2012

CVE-2012-0452

Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trig ...

10 february, 2012

CVE-2012-0840

tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CP ...

10 february, 2012

CVE-2012-0831

PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to m ...

10 february, 2012

CVE-2011-4534

ZenSysSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via a series of connections and disconnections on TCP port 1101, aka Reference Numb ...

10 february, 2012

CVE-2011-4533

zenAdminSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted packet to TCP port 50777, aka Reference Number 25240.

10 february, 2012

CVE-2011-4039

Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access vi ...

10 february, 2012

CVE-2011-4038

Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via uns ...

10 february, 2012

CVE-2012-1046

Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0696.

10 february, 2012

CVE-2011-3972

The shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

08 february, 2012

ÐîÑ

MS12-004 midiOutPlayNextPolyEvent Heap Overflow Exploit

Target: Microsoft Windows Media
Impact: Code execution

ActFax Server FTP RETR Remote Buffer Overflow Exploit

Target: ActFax Server 4.27 Build 0223 and previous versions
Impact: Arbitrary commands execution

ActFax Server (LPD/LPR) Remote Buffer Overflow Exploit

Target: ActFax Server 4.27 Build 0223 and previous versions
Impact: Arbitrary commands execution

AdvertismentAbout ProjectContact UsCopyrightExportRSSMy SettingsMap