Vulnerability CVE-2008-2238

Vulnerability Name:

CVE-2008-2238 (CCN-46166)

Assigned:

2008-10-29

Published:

2008-10-29

Updated:

2017-09-29

Summary:

Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2008-2238

Source: CCN
Type: OpenOffice.org Web site
OpenOffice.org: Downloads

Source: IDEFENSE
Type: UNKNOWN
20081031 OpenOffice EMF Record Parsing Multiple Integer Overflow Vulnerabilities

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:026

Source: CCN
Type: NeoOffice Neowiki Web site
NeoOffice 2.2.5 Patch 3 New Features

Source: CONFIRM
Type: UNKNOWN
http://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Security_fixes

Source: CCN
Type: RHSA-2008-0939
Important: openoffice.org security update

Source: CCN
Type: SA32419
OpenOffice WMF and EMF Processing Buffer Overflows

Source: SECUNIA
Type: Vendor Advisory
32419

Source: SECUNIA
Type: Vendor Advisory
32461

Source: SECUNIA
Type: UNKNOWN
32463

Source: SECUNIA
Type: Vendor Advisory
32489

Source: CCN
Type: SA32584
NeoOffice Multiple Vulnerabilities

Source: CCN
Type: SA32676
Sun StarOffice/StarSuite Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
32676

Source: SECUNIA
Type: UNKNOWN
32856

Source: CCN
Type: SA32872
SUSE Update for Multiple Packages

Source: SECUNIA
Type: UNKNOWN
32872

Source: SECUNIA
Type: UNKNOWN
33140

Source: GENTOO
Type: UNKNOWN
GLSA-200812-13

Source: CCN
Type: SECTRACK ID: 1021121
OpenOffice Buffer Overflow in EMF Parser Lets Remote Users Execute Arbitrary Code

Source: SUNALERT
Type: UNKNOWN
243226

Source: CCN
Type: Sun Alert ID: 243226
Security Vulnerability in StarOffice/StarSuite Related to EMF Files May Lead to Heap Overflows and Arbitrary Code Execution

Source: CCN
Type: ASA-2008-432
openoffice.org security update (RHSA-2008-0939)

Source: CCN
Type: ASA-2008-459
Security Vulnerability in StarOffice/StarSuite Related to EMF Files May Lead to Heap Overflows and Arbitrary Code Execution (Sun 243226)

Source: DEBIAN
Type: Patch
DSA-1661

Source: DEBIAN
Type: DSA-1661
openoffice.org -- several vulnerabilities

Source: CCN
Type: NeoOffice Web site
Download the Latest Bug Fixes for NeoOffice 2.2.5

Source: CCN
Type: OpenOffice.org Security Bulletin CVE-2008-2238
Manipulated WMF files can lead to heap overflows and arbitrary code execution

Source: CONFIRM
Type: Patch
http://www.openoffice.org/security/cves/CVE-2008-2238.html

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0939

Source: BID
Type: Patch
31962

Source: CCN
Type: BID-31962
OpenOffice WMF and EMF File Handling Multiple Heap Based Buffer Overflow Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1021121

Source: CCN
Type: USN-677-1
OpenOffice.org vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-677-1

Source: CCN
Type: USN-677-2
OpenOffice.org Internationalization update

Source: UBUNTU
Type: UNKNOWN
USN-677-2

Source: VUPEN
Type: UNKNOWN
ADV-2008-2947

Source: VUPEN
Type: UNKNOWN
ADV-2008-3103

Source: VUPEN
Type: UNKNOWN
ADV-2008-3153

Source: XF
Type: UNKNOWN
openoffice-emf-file-bo(46166)

Source: XF
Type: UNKNOWN
openoffice-emf-file-bo(46166)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 10.31.08
OpenOffice EMF Record Parsing Multiple Integer Overflow Vulnerabilities

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10849

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-9313

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-9333

Source: SUSE
Type: SUSE-SR:2008:026
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:openoffice:openoffice.org:*:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice.org:2.0:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice.org:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice.org:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice.org:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice.org:2.1:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice.org:2.2:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice.org:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice.org:2.3:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice.org:2.3.1:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice.org:2.4:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice.org:*:*:*:*:*:*:*:* (Version <= 2.4.1)

OR cpe:/a:openoffice:openoffice.org:2.4.1:*:64-bit:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:rhel_productivity:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:openoffice:openoffice.org:2.1:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice.org:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice.org:2.2:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice.org:2.3:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice.org:2.0:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice.org:2.4:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice.org:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice.org:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice.org:2.4.1:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20082238	V	CVE-2008-2238	2015-11-16
oval:org.mitre.oval:def:29069	P	RHSA-2008:0939 -- openoffice.org security update (Important)	2015-08-17
oval:org.mitre.oval:def:17619	P	USN-677-1 -- openoffice.org, openoffice.org-amd64 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:21166	P	USN-677-2 -- openoffice.org-l10n update	2014-06-30
oval:org.mitre.oval:def:20283	P	DSA-1661-1 openoffice.org - several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:7626	P	DSA-1661 openoffice.org -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:21866	P	ELSA-2008:0939: openoffice.org security update (Important)	2014-05-26
oval:org.mitre.oval:def:10849	V	Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.	2013-04-29
oval:com.redhat.rhsa:def:20080939	P	RHSA-2008:0939: openoffice.org security update (Important)	2008-11-05
oval:org.debian:def:1661	V	several vulnerabilities	2008-10-29

BACK