fkie_cve-2008-2238
Vulnerability from fkie_nvd
Published
2008-10-30 20:00
Modified
2024-11-21 00:46
Severity ?
Summary
Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.
References
cve@mitre.orghttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=750
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
cve@mitre.orghttp://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Security_fixes
cve@mitre.orghttp://secunia.com/advisories/32419Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/32461Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/32463
cve@mitre.orghttp://secunia.com/advisories/32489Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/32676
cve@mitre.orghttp://secunia.com/advisories/32856
cve@mitre.orghttp://secunia.com/advisories/32872
cve@mitre.orghttp://secunia.com/advisories/33140
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200812-13.xml
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-243226-1
cve@mitre.orghttp://www.debian.org/security/2008/dsa-1661Patch
cve@mitre.orghttp://www.openoffice.org/security/cves/CVE-2008-2238.htmlPatch
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2008-0939.html
cve@mitre.orghttp://www.securityfocus.com/bid/31962Patch
cve@mitre.orghttp://www.securitytracker.com/id?1021121
cve@mitre.orghttp://www.ubuntu.com/usn/usn-677-1
cve@mitre.orghttp://www.ubuntu.com/usn/usn-677-2
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/2947
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/3103
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/3153
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/46166
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10849
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2008-October/msg00905.html
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2008-October/msg00923.html
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=750
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Security_fixes
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32419Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32461Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32463
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32489Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32676
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32856
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32872
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33140
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200812-13.xml
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-243226-1
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1661Patch
af854a3a-2127-422b-91ae-364da2661108http://www.openoffice.org/security/cves/CVE-2008-2238.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0939.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31962Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021121
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-677-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-677-2
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2947
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/3103
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/3153
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/46166
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10849
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00905.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00923.html
Impacted products
Vendor Product Version
openoffice openoffice.org *
openoffice openoffice.org *
openoffice openoffice.org 2.0
openoffice openoffice.org 2.0.2
openoffice openoffice.org 2.0.3
openoffice openoffice.org 2.0.4
openoffice openoffice.org 2.1
openoffice openoffice.org 2.2
openoffice openoffice.org 2.2.1
openoffice openoffice.org 2.3
openoffice openoffice.org 2.3.1
openoffice openoffice.org 2.4
openoffice openoffice.org 2.4.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "88C01AD4-CD39-4DAA-BB5A-42094938D9B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EC7A0A3-D6E3-4B74-BC19-DF2766029051",
              "versionEndIncluding": "2.4.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45DD57AC-8CA4-48DB-90F9-2D7260AB7650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C065AAB-58E3-4312-AD74-A3E103AC73DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9487A325-308D-442A-89A9-E8650925F43F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B493F3-833A-47E9-AB60-BE2D635EF8AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66D86258-594A-4843-9B7E-6C25B3881BC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84F14135-C9B1-481E-8A2F-5010F8174ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54678E59-299F-4236-86C4-95F5B68C11D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "443F587C-2D08-45F8-80AC-60F288D2556C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC884B82-CEF3-47B7-A578-B502AD52DBF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E51167FA-13DD-46DE-AC16-A2AB2A315110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.4.1:*:64-bit:*:*:*:*:*",
              "matchCriteriaId": "F8F3702B-7F00-48A2-90A7-7FADF083A523",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en OpenOffice.org (OOo) v2.x anterior a v2.4.2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un archivo EMF manipulado con un documento StarOffice/StarSuite."
    }
  ],
  "id": "CVE-2008-2238",
  "lastModified": "2024-11-21T00:46:25.097",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-10-30T20:00:00.903",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=750"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Security_fixes"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32419"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32461"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32463"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32489"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32676"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32856"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32872"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33140"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200812-13.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243226-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1661"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openoffice.org/security/cves/CVE-2008-2238.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0939.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/31962"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021121"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-677-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-677-2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2947"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/3103"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/3153"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46166"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10849"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00905.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00923.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Security_fixes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32489"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200812-13.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243226-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openoffice.org/security/cves/CVE-2008-2238.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0939.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/31962"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021121"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-677-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-677-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00905.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00923.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.