The remote host is probably affected by the vulnerabilities described in CVE-2008-2152 or CVE-2008-3282 on 64-bit platform's OpenOffice.org <= 2.4.1 vulnerability Impact CVE-2008-2152 Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow. CVE-2008-3282 Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a 'numeric truncation error,' a different vulnerability than CVE-2008-2152.

All OpenOffice.org users should upgrade to the latest version.

• http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2152
• http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3282

---

Updated on 2015-03-25