CVE-2008-2238

Related Files

Mandriva Linux Security Advisory 2009-006

Posted Jan 13, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-006 - Heap-based overflow on functions to manipulate WMF and EMF files in OpenOffice.org documents enables remote attackers to execute arbitrary code on documents holding certain crafted either WMF or EMF files. ). This update provide the fix for these security issues and further openoffice.org-voikko package has been updated as it depends on openoffice.org packages.

tags | advisory, remote, overflow, arbitrary

systems | linux, mandriva

advisories | CVE-2008-2237, CVE-2008-2238

SHA-256 | 764b243a216d03ac1b187c250cae6ce495eea4fbd2df074611469d3ca0e9551b

Download | Favorite | View

Gentoo Linux Security Advisory 200812-13

Posted Dec 12, 2008

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-13 - Multiple vulnerabilities in OpenOffice.org might allow for user-assisted execution of arbitrary code or symlink attacks. Two heap-based buffer overflows when processing WMF files and EMF files were discovered. Dmitry E. Oboukhov also reported an insecure temporary file usage within the senddoc script. Versions less than 3.0.0 are affected.

tags | advisory, overflow, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2008-2237, CVE-2008-2238, CVE-2008-4937

SHA-256 | 5148e74b000770dea6ce22f6704a513e020b91049da895d70a21b00c52cf536b

Download | Favorite | View

Ubuntu Security Notice 677-1

Posted Nov 25, 2008

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-677-1 - Multiple memory overflow flaws were discovered in OpenOffice.org's handling of WMF and EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. Dmitry E. Oboukhov discovered that senddoc, as included in OpenOffice.org, created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS.

tags | advisory, remote, overflow, arbitrary, local

systems | linux, ubuntu

advisories | CVE-2008-2237, CVE-2008-2238, CVE-2008-4937

SHA-256 | 700161a4cc709269aa2c26e7940d1df53c3fd15f82523fa629fe8eafb53dc31f

Download | Favorite | View

iDEFENSE Security Advisory 2008-10-29.1

Posted Oct 31, 2008

Authored by iDefense Labs, Sebastian Apelt, Code Audit Labs | Site idefense.com

iDefense Security Advisory 10.29.08 - Remote exploitation of multiple integer overflow vulnerabilities in OpenOffice versions 2.4.1 and earlier could allow an attacker to execute arbitrary code with the privileges of the current user. Integer overflow issues exist within the code responsible for parsing multiple EMR records within an EMF file. This allows an attacker to overflow heap memory with data they supplied. iDefense has confirmed the existence of this vulnerability in OpenOffice version 2.4.1.

tags | advisory, remote, overflow, arbitrary, vulnerability

advisories | CVE-2008-2238

SHA-256 | fdb454b37d786a9ada30ce36452df4141a400dde4634b766ff1948e16de69370

Download | Favorite | View

Debian Linux Security Advisory 1661-1

Posted Oct 30, 2008

Authored by Debian | Site debian.org

Debian Security Advisory DSA 1661-1 - Several vulnerabilities have been discovered in the OpenOffice.org office suite.

tags | advisory, vulnerability

systems | linux, debian

advisories | CVE-2008-2237, CVE-2008-2238

SHA-256 | 1e787385480adb40244cb6a92b3bec80049192a21433483c2b7f36158cfef478

Download | Favorite | View