Vulnerability Name: | CVE-2008-0668 (CCN-40122)
Assigned: | 2007-12-24
Published: | 2007-12-24
Updated: | 2011-03-08
Summary: | The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. Note: some of these details are obtained from third party information.
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-189
Vulnerability Consequences: | Gain Access
References: |
Source: CONFIRM Type: UNKNOWN http://bugs.gentoo.org/show_bug.cgi?id=208356
Source: CCN Type: Gnome Bugzilla Bug 505330 Gnumeric crashes on opening Excel 97 file
Source: CONFIRM Type: UNKNOWN http://bugzilla.gnome.org/show_bug.cgi?id=505330
Source: MITRE Type: CNA CVE-2008-0668
Source: SUSE Type: UNKNOWN SUSE-SR:2008:016
Source: CCN Type: SA28725 Gnumeric XLS HLINK Opcode Processing Code Execution Vulnerability
Source: SECUNIA Type: Vendor Advisory 28725
Source: SECUNIA Type: Patch, Vendor Advisory 28799
Source: SECUNIA Type: UNKNOWN 28948
Source: SECUNIA Type: UNKNOWN 29702
Source: SECUNIA Type: UNKNOWN 29896
Source: SECUNIA Type: UNKNOWN 31339
Source: GENTOO Type: UNKNOWN GLSA-200802-05
Source: DEBIAN Type: UNKNOWN DSA-1546
Source: DEBIAN Type: DSA-1546 gnumeric -- integer overflow
Source: CCN Type: GLSA-200802-05 Gnumeric: User-assisted execution of arbitrary code
Source: CCN Type: Gnumeric Web site Gnumeric 1.8.1 aka "TBD" is now available.
Source: CONFIRM Type: Patch http://www.gnome.org/projects/gnumeric/announcements/1.8/gnumeric-1.8.1.shtml
Source: MANDRIVA Type: UNKNOWN MDVSA-2008:056
Source: CCN Type: OSVDB ID: 42835 Gnumeric plugins/excel/ms-excel-read.c excel_read_HLINK Function XLS HLINK Opcode Processing Overflow
Source: BID Type: UNKNOWN 27536
Source: CCN Type: BID-27536 Gnumeric XLS HLINK Opcode Handling Remote Arbitrary Code Execution Vulnerability
Source: CCN Type: USN-604-1 Gnumeric vulnerability
Source: UBUNTU Type: UNKNOWN USN-604-1
Source: VUPEN Type: UNKNOWN ADV-2008-0462
Source: XF Type: UNKNOWN gnumeric-xlshlink-code-execution(40122)
Source: FEDORA Type: UNKNOWN FEDORA-2008-1313
Source: FEDORA Type: UNKNOWN FEDORA-2008-1403
Source: SUSE Type: SUSE-SR:2008:016 SUSE Security Summary Report
Vulnerable Configuration: | Configuration 1: