Lucene search

K

[email protected]CVE-2008-0320

HistoryApr 17, 2008 - 7:05 p.m.

CVE-2008-0320

2008-04-1719:05:00

CWE-119

[email protected]

web.nvd.nist.gov

31

cve-2008-0320

ole importer

denial of service

remote attackers

arbitrary code

buffer overflow

openoffice.org

7.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.932 High

EPSS

Percentile

99.0%

Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.

CPENameOperatorVersion
openoffice:openoffice.orgopenoffice openoffice.orgeq2.2.1
openoffice:openoffice.orgopenoffice openoffice.orgeq2.1
openoffice:openoffice.orgopenoffice openoffice.orgle2.3.1
openoffice:openoffice.orgopenoffice openoffice.orgeq2.2
openoffice:openoffice.orgopenoffice openoffice.orgeq2.3
openoffice:openoffice.orgopenoffice openoffice.orgeq2.0.3

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=694

secunia.com/advisories/29844

secunia.com/advisories/29852

secunia.com/advisories/29864

secunia.com/advisories/29871

secunia.com/advisories/29910

secunia.com/advisories/29913

secunia.com/advisories/29987

secunia.com/advisories/30100

secunia.com/advisories/30179

security.gentoo.org/glsa/glsa-200805-16.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-231642-1

www.debian.org/security/2008/dsa-1547

www.mandriva.com/security/advisories?name=MDVSA-2008:090

www.mandriva.com/security/advisories?name=MDVSA-2008:095

www.novell.com/linux/security/advisories/2008_23_openoffice.html

www.openoffice.org/security/bulletin.html

www.openoffice.org/security/cves/CVE-2007-4770.html

www.openoffice.org/security/cves/CVE-2007-5745.html

www.openoffice.org/security/cves/CVE-2008-0320.html

www.redhat.com/support/errata/RHSA-2008-0175.html

www.redhat.com/support/errata/RHSA-2008-0176.html

www.securityfocus.com/bid/28819

www.securitytracker.com/id?1019890

www.ubuntu.com/usn/usn-609-1

www.vupen.com/english/advisories/2008/1253/references

www.vupen.com/english/advisories/2008/1375/references

exchange.xforce.ibmcloud.com/vulnerabilities/41860

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10318

www.redhat.com/archives/fedora-package-announce/2008-April/msg00448.html

7.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.932 High

EPSS

Percentile

99.0%

Related for CVE-2008-0320

packetstorm1 saint4 metasploit1 prion1 securityvulns2 ubuntucve1 checkpoint_advisories1 seebug2 exploitdb1 nessus17 openvas28 centos2 redhat2 oraclelinux1 osv1 debian1 ubuntu1 fedora3 suse1 gentoo1