Ubuntu USN-677-2 (OpenOffice) Network Vulnerability

Summary

The remote host is missing an update to OpenOffice announced via advisory USN-677-2. Original advisory details: Multiple memory overflow flaws were discovered in OpenOffice.org's handling of WMF and EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. (CVE-2008-2237, CVE-2008-2238) Dmitry E. Oboukhov discovered that senddoc, as included in OpenOffice.org, created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2008-4937)

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=USN-677-2

Severity

Classification

CVE CVE-2008-2237, CVE-2008-2238, CVE-2008-4937

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for calligra USN-1525-1
Ubuntu Update for apache2 USN-1199-1
Ubuntu Update for dhcp vulnerability USN-531-1
Ubuntu Update for cupsys vulnerabilities USN-563-1
Ubuntu Update for apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update USN-930-2

Take action and discover your vulnerabilities