The free and open productivity suite

General links

• Donating Funds
• Mailing Lists
• Report a Bug
• What's New
• Project Guidelines
• Licenses

Search

Advanced search

Google search

How do I...

• Sitemap
• FAQ
• Get help?

start:

CVE-2007-0238

Manipulated StarCalc files can lead to arbitrary code execution

• Synopsis: The StarCalc parser in all versions prior to 2.2 contains an exploitable stack overlow due to incorrect handling of the "Note" record.
• State: Resolved

1. Impact

If a user opens an untrusted StarCalc document it can potentially run arbitrary code supplied in the file.

This issue is also described in
CVE-2007-0238, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0238

2. Affected releases

All versions prior to OpenOffice.org 2.2

3. Symptoms

There are no predictable symptoms that would indicate the described issue has been exploited.

4. Relief/Workaround

There is no workaround. See "Resolution" below.

5. Resolution

This issue is addressed in the following releases:

OpenOffice.org 1.1.5 Patch, OpenOffice.org 2.2

---

Security Home -> Bulletin -> CVE-2007-0238