Critical Error in Star Office Closed

Sep 25, 2007

An unknown software researcher discovered a highly critical vulnerability in the Star Office package. Manufacturer Sun has released patches to resolve the issue.

Attackers could use a carefully crafted TIFF file to exploit the vulnerability (CVE-2007-2834) in Star Office. If a user opened the file, it would trigger a buffer overflow that would allow the attacker to run arbitrary code on the machine and corrupt the victim's operating system.

The error affects versions 6, 7 and the current Star Office 8 on the Solaris, Linux and Windows platforms. Earlier versions are not affected, says Sun. Patches for various versions and systems are available for download from Sun Support. Due to the severity of the bug, an immediate update is recommended.

Open Office, which uses the same code base, was also affected by the issue. Version 2.3, which was released September 17, fixed the bug. Users with earlier versions should update to 2.3 as soon as possible.
