CVE-2007-0238

Manipulated StarCalc files can lead to arbitrary code execution

• Synopsis: The StarCalc parser in all versions prior to 2.2 contains an exploitable stack overlow due to incorrect handling of the "Note" record.
• State: Resolved

1. Impact

If a user opens an untrusted StarCalc document it can potentially run arbitrary code supplied in the file.

This issue is also described in
CVE-2007-0238, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0238

2. Affected releases

All versions prior to OpenOffice.org 2.2

3. Symptoms

There are no predictable symptoms that would indicate the described issue has been exploited.

4. Relief/Workaround

There is no workaround. See "Resolution" below.

5. Resolution

This issue is addressed in the following releases:

OpenOffice.org 1.1.5 Patch, OpenOffice.org 2.2

Security Home -> Bulletin -> CVE-2007-0238