Vulnerability Name: | CVE-2009-0259 (CCN-48213) | ||||||||
Assigned: | 2008-09-25 | ||||||||
Published: | 2008-09-25 | ||||||||
Updated: | 2017-09-29 | ||||||||
Summary: | The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841. | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-399 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2009-0259 Source: MISC Type: Exploit http://milw0rm.com/sploits/2008-crash.doc.rar Source: CCN Type: OpenOffice.org Web site OpenOffice.org - The Free and Open Productivity Suite Source: CCN Type: oss-security Mailing List, Wed, 21 Jan 2009 14:13:46 +0100 CVE Request -- openoffice.org (CVE-2008-4841) Source: MLIST Type: UNKNOWN [oss-security] 20090121 CVE Request -- openoffice.org (CVE-2008-4841) Source: BID Type: UNKNOWN 33383 Source: CCN Type: BID-33383 OpenOffice '.doc' File Remote Denial of Service Vulnerability Source: XF Type: UNKNOWN openoffice-wordprocessor-code-execution(48213) Source: XF Type: UNKNOWN openoffice-wordprocessor-code-execution(48213) Source: EXPLOIT-DB Type: UNKNOWN 6560 | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |