Critical Error in Star Office Closed

Sep 25, 2007

An unknown software researcher discovered a highly critical vulnerability in the Star Office package. Manufacturer Sun has released patches to resolve the issue.

Attackers could use a carefully crafted TIFF file to exploit the vulnerability (CVE-2007-2834) in Star Office. If a user opened the file, it would trigger a buffer overflow that would allow the attacker to run arbitrary code on the machine and corrupt the victim's operating system.

The error affects versions 6, 7 and the current Star Office 8 on the Solaris, Linux and Windows platforms. Earlier versions are not affected, says Sun. Patches for various versions and systems are available for download from Sun Support. Due to the severity of the bug, an immediate update is recommended.

Open Office, which uses the same code base, was also affected by the issue. Version 2.3, which was released September 17, fixed the bug. Users with earlier versions should update to 2.3 as soon as possible.

