Vulnerability Name:

CVE-2008-2237 (CCN-46165)

Assigned:2008-10-29
Published:2008-10-29
Updated:2017-09-29
Summary:Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
CWE-190
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-2237

Source: CCN
Type: OpenOffice.org Web site
OpenOffice.org: Downloads

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:026

Source: CCN
Type: NeoOffice Neowiki Web site
NeoOffice 2.2.5 Patch 3 New Features

Source: CONFIRM
Type: UNKNOWN
http://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Security_fixes

Source: CCN
Type: RHSA-2008-0939
Important: openoffice.org security update

Source: CCN
Type: SA32419
OpenOffice WMF and EMF Processing Buffer Overflows

Source: SECUNIA
Type: Vendor Advisory
32419

Source: SECUNIA
Type: Vendor Advisory
32461

Source: SECUNIA
Type: UNKNOWN
32463

Source: SECUNIA
Type: Vendor Advisory
32489

Source: CCN
Type: SA32584
NeoOffice Multiple Vulnerabilities

Source: CCN
Type: SA32676
Sun StarOffice/StarSuite Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
32676

Source: SECUNIA
Type: UNKNOWN
32856

Source: CCN
Type: SA32872
SUSE Update for Multiple Packages

Source: SECUNIA
Type: UNKNOWN
32872

Source: SECUNIA
Type: UNKNOWN
33140

Source: GENTOO
Type: UNKNOWN
GLSA-200812-13

Source: CCN
Type: SECTRACK ID: 1021120
OpenOffice.org Integer Overflow in Processing WMF META_ESCAPE Records Lets Remote Users Execute Arbitrary Code

Source: SUNALERT
Type: UNKNOWN
242627

Source: CCN
Type: Sun Alert ID: 242627
Security Vulnerability in StarOffice Related to .wmf Files May Lead to Heap Overflows and Arbitrary Code Execution

Source: CCN
Type: ASA-2008-432
openoffice.org security update (RHSA-2008-0939)

Source: DEBIAN
Type: Patch
DSA-1661

Source: DEBIAN
Type: DSA-1661
openoffice.org -- several vulnerabilities

Source: CCN
Type: NeoOffice Web site
Download the Latest Bug Fixes for NeoOffice 2.2.5

Source: CCN
Type: OpenOffice.org Security Bulletin CVE-2008-2237
Manipulated WMF files can lead to heap overflows and arbitrary code execution

Source: CONFIRM
Type: Patch
http://www.openoffice.org/security/cves/CVE-2008-2237.html

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0939

Source: BID
Type: Patch
31962

Source: CCN
Type: BID-31962
OpenOffice WMF and EMF File Handling Multiple Heap Based Buffer Overflow Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1021120

Source: CCN
Type: USN-677-1
OpenOffice.org vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-677-1

Source: CCN
Type: USN-677-2
OpenOffice.org Internationalization update

Source: UBUNTU
Type: UNKNOWN
USN-677-2

Source: VUPEN
Type: UNKNOWN
ADV-2008-2947

Source: VUPEN
Type: UNKNOWN
ADV-2008-3103

Source: XF
Type: UNKNOWN
openoffice-wmf-bo(46165)

Source: XF
Type: UNKNOWN
openoffice-wmf-bo(46165)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10784

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-9313

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-9333

Source: SUSE
Type: SUSE-SR:2008:026
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openoffice:openoffice.org:*:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:*:*:*:*:*:*:*:* (Version <= 2.4.1)
  • OR cpe:/a:openoffice:openoffice.org:2.4.1:*:64-bit:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_productivity:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:openoffice:openoffice.org:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.4.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20082237
    V
    		CVE-2008-2237
    2015-11-16
    oval:org.mitre.oval:def:29069
    P
    		RHSA-2008:0939 -- openoffice.org security update (Important)
    2015-08-17
    oval:org.mitre.oval:def:17619
    P
    		USN-677-1 -- openoffice.org, openoffice.org-amd64 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:21166
    P
    		USN-677-2 -- openoffice.org-l10n update
    2014-06-30
    oval:org.mitre.oval:def:20283
    P
    		DSA-1661-1 openoffice.org - several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:7626
    P
    		DSA-1661 openoffice.org -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:21866
    P
    		ELSA-2008:0939: openoffice.org security update (Important)
    2014-05-26
    oval:org.mitre.oval:def:10784
    V
    		Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document.
    2013-04-29
    oval:com.redhat.rhsa:def:20080939
    P
    		RHSA-2008:0939: openoffice.org security update (Important)
    2008-11-05
    oval:org.debian:def:1661
    V
    		several vulnerabilities
    2008-10-29
    BACK
    openoffice openoffice.org *
    openoffice openoffice.org 2.0
    openoffice openoffice.org 2.0.2
    openoffice openoffice.org 2.0.3
    openoffice openoffice.org 2.0.4
    openoffice openoffice.org 2.1
    openoffice openoffice.org 2.2
    openoffice openoffice.org 2.2.1
    openoffice openoffice.org 2.3
    openoffice openoffice.org 2.3.1
    openoffice openoffice.org 2.4
    openoffice openoffice.org *
    openoffice openoffice.org 2.4.1
    openoffice openoffice.org 2.1
    openoffice openoffice.org 2.0.4
    openoffice openoffice.org 2.2
    openoffice openoffice.org 2.3
    openoffice openoffice.org 2.0
    openoffice openoffice.org 2.4
    openoffice openoffice.org 2.0.3
    openoffice openoffice.org 2.0.2
    openoffice openoffice.org 2.4.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    canonical ubuntu 6.06
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    redhat enterprise linux 5
    canonical ubuntu 7.10
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.1 x86_64
    mandrakesoft mandrake linux 2008.1
    canonical ubuntu 8.04