Summary
The remote host is probably affected by the vulnerabilities described in CVE-2008-2152 or CVE-2008-3282 on 64-bit platforms.
Impact
CVE-2008-2152
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow.
CVE-2008-3282
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a 'numeric truncation error,' a different vulnerability than CVE-2008-2152.
Solution
All OpenOffice.org users should upgrade to the latest version:
References
Severity
Classification
- CVE: CVE-2008-2152
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- BaoFeng Storm '.smpl' File Buffer Overflow Vulnerability
- Adobe Reader 'mailListIsPdf' Buffer Overflow Vulnerability (Linux)
- Adobe InDesign 'INDD' File Handling Remote Buffer Overflow Vulnerability
- Adobe PageMaker Font Structure Multiple BOF Vulnerabilities
- Alpine tmail and dmail Buffer Overflow Vulnerabilities (Win)