9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.897 High
EPSS
Percentile
98.8%
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file
that triggers memory corruption, as exploited in the wild in December 2008,
as demonstrated by 2008-crash.doc.rar, and a similar issue to
CVE-2008-4841.