OpenOffice < 2.4.1 rtl_allocateMemory Integer Overflow

2004-08-1800:00:00

Tenable

www.tenable.com

JSON

The version of OpenOffice installed on the remote host reportedly contains an integer overflow vulnerability in ‘rtl_allocateMemory()’, a custom memory allocation function used by the application. If an attacker can trick a user on the affected system, he can leverage this issue to execute arbitrary code subject to his privileges.

Binary data 4538.prm

VendorProductVersionCPE
openofficeopenoffice.orgcpe:/a:openoffice:openoffice.org

Vendor	Product	Version	CPE
openoffice	openoffice.org		cpe:/a:openoffice:openoffice.org

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2152

labs.idefense.com/intelligence/vulnerabilities/display.php?id=714

www.openoffice.org/security/cves/CVE-2008-2152.html

www.securityfocus.com/archive/1/493227/30/0/threaded

JSON