Original URL: http://www.theregister.co.uk/2009/09/21/staroffice_security_bug/

Word handling bug shoots down StarOffice

Starstruck

By John Leyden

Posted in Security, 21st September 2009 11:28 GMT

Sun last week pushed out a set of updates designed to fix a flaw in its StarOffice and StarSuite office software packages.

Problems in handling Microsoft Word documents by Sun's open source alternatives created a code injection risk. Users induced into opening malformed documents could wind up with pwned Windows PCs because of the bug, just the sort of thing hackers running targeting attacks might be interested in exploiting.

Users of StarOffice/StarSuite 7, 8, and 9 all need to update their software, and Sun's advisory can be found here.

The bug was discovered by Dyon Balding of Secunia Research.

The flaws addressed by Sun's update relate to recently patched flaws in OpenOffice, involving bugs connected to handling the document table of a Word document and "table parsing", addressed by OpenOffice 3.1.1. ®