Manipulated StarCalc files can lead to arbitrary code execution
- Synopsis: The StarCalc parser in all versions prior to 2.2 contains an exploitable stack overlow due to incorrect handling of the "Note" record.
- State: Resolved
If a user opens an untrusted StarCalc document it can potentially run arbitrary code supplied in the file.
This issue is also described in
2. Affected releases
All versions prior to OpenOffice.org 2.2
There are no predictable symptoms that would indicate the described issue has been exploited.
There is no workaround. See "Resolution" below.
This issue is addressed in the following releases:
OpenOffice.org 1.1.5 Patch, OpenOffice.org 2.2