Added: 06/20/2008
CVE: CVE-2008-0320
BID: 28819
OSVDB: 44472
OpenOffice is a free productivity suite for multiple platforms. OpenOffice includes an importer for Microsoftβs Object Linking and Embedding (OLE) framework.
A buffer overflow vulnerability in the OLE importer allows command execution when a user opens a file containing a specially crafted DocumentSummaryInformation stream.
Upgrade to OpenOffice 2.4 or higher.
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=694>
<http://www.openoffice.org/security/cves/CVE-2008-0320.html>
Exploit works on OpenOffice 1.1.5 on Linux and OpenOffice 2.3.0 on Windows and requires a user to open the exploit file.
Due to the nature of the vulnerability, the success of this exploit depends on the system state at the time the exploit is run. On Linux platforms, the exploit cannot succeed if the targetβs kernel has the exec-shield option enabled.
Red Hat Enterprise Linux 4 Update 6
Red Hat Enterprise Linux 4 Update 4
Windows