Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:A4AEA39D9F639B7C03887E3B1C5C8CE4
HistoryJun 20, 2008 - 12:00 a.m.

OpenOffice OLE importer DocumentSummaryInformation buffer overflow

2008-06-2000:00:00
SAINT Corporation
download.saintcorporation.com
16

0.924 High

EPSS

Percentile

99.0%

JSON

Added: 06/20/2008
CVE: CVE-2008-0320
BID: 28819
OSVDB: 44472

Background

OpenOffice is a free productivity suite for multiple platforms. OpenOffice includes an importer for Microsoft’s Object Linking and Embedding (OLE) framework.

Problem

A buffer overflow vulnerability in the OLE importer allows command execution when a user opens a file containing a specially crafted DocumentSummaryInformation stream.

Resolution

Upgrade to OpenOffice 2.4 or higher.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=694&gt;
<http://www.openoffice.org/security/cves/CVE-2008-0320.html&gt;

Limitations

Exploit works on OpenOffice 1.1.5 on Linux and OpenOffice 2.3.0 on Windows and requires a user to open the exploit file.

Due to the nature of the vulnerability, the success of this exploit depends on the system state at the time the exploit is run. On Linux platforms, the exploit cannot succeed if the target’s kernel has the exec-shield option enabled.

Platforms

Red Hat Enterprise Linux 4 Update 6
Red Hat Enterprise Linux 4 Update 4
Windows

Related

ubuntucve 1
prion 1
saint 3
securityvulns 2
cvelist 1
packetstorm 1
cve 1
metasploit 1
nvd 1
checkpoint_advisories 1
seebug 2
exploitdb 1
openvas 37
centos 2
nessus 17
oraclelinux 1
redhat 2
osv 1
debian 1
fedora 3
ubuntu 1
suse 1
gentoo 1
ubuntucve
ubuntucve
CVE-2008-0320
2008-04-17 00:00:00
prion
prion
Heap overflow
2008-04-17 19:05:00
saint
saint
OpenOffice OLE importer DocumentSummaryInformation buffer overflow
2008-06-20 00:00:00
OpenOffice OLE importer DocumentSummaryInformation buffer overflow
2008-06-20 00:00:00
OpenOffice OLE importer DocumentSummaryInformation buffer overflow
2008-06-20 00:00:00
securityvulns
securityvulns
iDefense Security Advisory 04.17.08: Multiple Vendor OpenOffice OLE DocumentSummaryInformation Heap Overflow Vulnerability
2008-04-20 00:00:00
OpenOffice multiple security vulnerabilities
2008-04-20 00:00:00
cvelist
cvelist
CVE-2008-0320
2008-04-17 17:00:00
packetstorm
packetstorm
OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
2012-05-24 00:00:00
cve
cve
CVE-2008-0320
2008-04-17 19:05:00
metasploit
metasploit
OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
2012-05-23 15:14:11
nvd
nvd
CVE-2008-0320
2008-04-17 19:05:00
checkpoint_advisories
checkpoint_advisories
OpenOffice OLE File Stream Buffer Overflow (CVE-2008-0320)
2009-10-05 00:00:00
seebug
seebug
OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
2014-07-01 00:00:00
OpenOffice倚δΈͺηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž
2008-04-19 00:00:00
exploitdb
exploitdb
OpenOffice - OLE Importer DocumentSummaryInformation Stream Handling Overflow (Metasploit)
2012-05-25 00:00:00
openvas
openvas
CentOS Update for openoffice.org CESA-2008:0176 centos3 i386
2009-02-27 00:00:00
CentOS Update for openoffice.org CESA-2008:0176 centos4 x86_64
2009-02-27 00:00:00
CentOS Update for openoffice.org CESA-2008:0176 centos4 i386
2009-02-27 00:00:00
centos
centos
openoffice.org security update
2008-04-17 23:18:44
openoffice.org, openoffice.org2 security update
2008-04-21 09:57:54
nessus
nessus
Scientific Linux Security Update : openoffice.org on SL3.x, SL4.x i386/x86_64
2012-08-01 00:00:00
RHEL 3 / 4 : openoffice.org (RHSA-2008:0176)
2008-04-22 00:00:00
CentOS 3 / 4 : openoffice.org (CESA-2008:0176)
2008-04-22 00:00:00
oraclelinux
oraclelinux
openoffice.org security update
2008-04-18 00:00:00
redhat
redhat
(RHSA-2008:0176) Important: openoffice.org security update
2008-04-17 00:00:00
(RHSA-2008:0175) Important: openoffice.org security update
2008-04-17 00:00:00
osv
osv
openoffice.org
2008-04-17 00:00:00
debian
debian
[SECURITY] [DSA 1547-1] New OpenOffice.org packages fix arbitrary code execution
2008-04-17 10:13:30
fedora
fedora
[SECURITY] Fedora 8 Update: openoffice.org-2.3.0-6.14.fc8
2008-04-22 22:41:54
[SECURITY] Fedora 7 Update: openoffice.org-2.3.0-6.8.fc7
2008-05-17 22:26:21
[SECURITY] Fedora 7 Update: openoffice.org-2.3.0-6.9.fc7
2008-06-11 23:34:19
ubuntu
ubuntu
OpenOffice.org vulnerabilities
2008-05-06 00:00:00
suse
suse
local privilege escalation in OpenOffice_org
2008-04-18 09:57:35
gentoo
gentoo
OpenOffice.org: Multiple vulnerabilities
2008-05-14 00:00:00

0.924 High

EPSS

Percentile

99.0%

JSON
Related for SAINT:A4AEA39D9F639B7C03887E3B1C5C8CE4
ubuntucve1prion1saint3securityvulns2cvelist1packetstorm1cve1metasploit1nvd1checkpoint_advisories1seebug2exploitdb1openvas37centos2nessus17oraclelinux1redhat2osv1debian1fedora3ubuntu1suse1gentoo1