Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2238

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-2238
Last Modified 30 Oct 2012 10:57:12
Published 30 Oct 2008 04:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2238

Summary

Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.

Vulnerable Systems

Application

  • Openoffice.org

  • Openoffice.org 2.0

  • Openoffice.org 2.0.2

  • Openoffice.org 2.0.3

  • Openoffice.org 2.0.4

  • Openoffice.org 2.1

  • Openoffice.org 2.2

  • Openoffice.org 2.2.1

  • Openoffice.org 2.3

  • Openoffice.org 2.3.1

  • Openoffice.org 2.4

  • Openoffice.org 2.4.1


References

BID - 31962

CONFIRM - http://www.openoffice.org/security/cves/CVE-2008-2238.html

DEBIAN - DSA-1661

FEDORA - FEDORA-2008-9333

FEDORA - FEDORA-2008-9313

XF - openoffice-emf-file-bo(46166)

VUPEN - ADV-2008-3153

VUPEN - ADV-2008-3103

VUPEN - ADV-2008-2947

UBUNTU - USN-677-2

SECTRACK - 1021121

REDHAT - RHSA-2008:0939

SUNALERT - 243226

GENTOO - GLSA-200812-13

SECUNIA - 33140

SECUNIA - 32872

SECUNIA - 32676

SECUNIA - 32489

SECUNIA - 32463

SECUNIA - 32461

SECUNIA - 32419

CONFIRM - http://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Security_fixes

SUSE - SUSE-SR:2008:026

IDEFENSE - 20081031 OpenOffice EMF Record Parsing Multiple Integer Overflow Vulnerabilities

UBUNTU - USN-677-1

SECUNIA - 32856


Last Updated: 27 May 2016 11:01:20