CVE-2009-2139

2009-09-0823:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-2139

openoffice.org

buffer overflow

remote code execution

emf file

security vulnerability

7.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.21 Low

EPSS

Percentile

96.4%

JSON

Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238.

CPENameOperatorVersion
sun:openoffice.orgsun openoffice.orgeq2.4.2
sun:openoffice.orgsun openoffice.orgeq2.4.0
sun:openoffice.orgsun openoffice.orgeq2.4.3
sun:openoffice.orgsun openoffice.orgeq2.3.0
sun:openoffice.orgsun openoffice.orgeq2.0.3
sun:openoffice.orgsun openoffice.orgeq2.3.1
sun:openoffice.orgsun openoffice.orgeq2.0.0
sun:openoffice.orgsun openoffice.orgeq2.4.1
sun:openoffice.orgsun openoffice.orgeq3.0.0
sun:openoffice.orgsun openoffice.orgeq2.1.0

CPE	Name	Operator	Version
sun:openoffice.org	sun openoffice.org	eq	2.4.2
sun:openoffice.org	sun openoffice.org	eq	2.4.0
sun:openoffice.org	sun openoffice.org	eq	2.4.3
sun:openoffice.org	sun openoffice.org	eq	2.3.0
sun:openoffice.org	sun openoffice.org	eq	2.0.3
sun:openoffice.org	sun openoffice.org	eq	2.3.1
sun:openoffice.org	sun openoffice.org	eq	2.0.0
sun:openoffice.org	sun openoffice.org	eq	2.4.1
sun:openoffice.org	sun openoffice.org	eq	3.0.0
sun:openoffice.org	sun openoffice.org	eq	2.1.0