Vulnerability

    StarOffice

Affected

    Sun StarOffice

Description

    Kurt Seifried  found following.   StarOffice 5.2,  downloaded from
    Sun.   Simply insert  a graphic,  for filename  give the URL. Kurt
    simply  used  a  gif  from  one  of  my  websites, and watched the
    logfile while loading the document/etc.

    HTML  document:  it  phones  home,  no  warning,  not  unexpected.
    StarWriter  document  (version  5),  it  phones  home, no warning.
    StarSpreadsheet (name?), it phones home, no warning.   StarImpress
    (presentation  ala  powerpoint  software),  it  phones  home,   no
    warning.  Opening these documents in Linux, same results.

    What  concerns  is  this:  under   Windows  Kurt  created  a   new
    spreadsheet,  inserted  an  image  (http://blahblah), saved it and
    exited, then  ran it  through strings,  and saw  some data from an
    email he sent a while ago.  WTF???  Closed outlook, tried it  with
    starwriter, nothing, tried it again with starcalc, wasn't able  to
    recreate it...

    Needless to say StarOffice raises some rather interesting  issues,
    and seems to have some problems/glitches.  As for a warning dialog
    before  downloading  internet  components  that  might  be   nice,
    something like:

        do you wish to retrieve http://www.example.org/trackingimage-091919.gif?

Solution

    They just need to be taught  the use of memset() to clear  memory.
    There is no chance you can explain them why a bloated file  format
    is a  bad thing.   MS Office  had the  same bug,  but it  has been
    fixed.