OpenOffice Rtl_allocateMemory() Remote Code Execution Vulnerability (Win) Network Vulnerability

Summary

This host has OpenOffice.Org installed, which is prone to remote code execution vulnerability.

Impact

Attackers can cause an out of bounds array access by tricking a user into opening a malicious document, also allow execution of arbitrary code. Impact Level : System

Solution

Upgrade to OpenOffice.org Version 3.2.0 or later, For updates refer to http://download.openoffice.org/index.html

Insight

The issue is due to a numeric truncation error within the rtl_allocateMemory() method in alloc_global.c file.

Affected

OpenOffice.org 2.4.1 and prior on Windows.

References

http://secunia.com/advisories/31640/
http://www.frsirt.com/english/advisories/2008/2449

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-3282

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Sep13 (Windows)
Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Mac OS X)
3S CoDeSys CmpWebServer Multiple Vulnerabilities

OpenOffice rtl_allocateMemory() Remote Code Execution Vulnerability (Win)

Take action and discover your vulnerabilities