Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.OPENOFFICE_241.NASL
HistoryJun 10, 2008 - 12:00 a.m.

OpenOffice < 2.4.1 rtl_allocateMemory() Function Crafted Document Handling Integer Overflow

2008-06-1000:00:00
This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
www.tenable.com
10
JSON

The version of OpenOffice installed on the remote host reportedly contains an integer overflow vulnerability in β€˜rtl_allocateMemory()’, a custom memory allocation function used by the application. If an attacker can trick a user on the affected system, he can leverage this issue to execute arbitrary code subject to his privileges.

#
#  (C) Tenable Network Security, Inc.
#


include("compat.inc");

if (description)
{
  script_id(33129);
  script_version("1.12");

  script_cve_id("CVE-2008-2152");
  script_bugtraq_id(29622);
  script_xref(name:"Secunia", value:"30599");

  script_name(english:"OpenOffice < 2.4.1 rtl_allocateMemory() Function Crafted Document Handling Integer Overflow");
  script_summary(english:"Checks version of OpenOffice"); 
 
 script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has a program affected by an integer overflow
vulnerability." );
 script_set_attribute(attribute:"description", value:
"The version of OpenOffice installed on the remote host reportedly
contains an integer overflow vulnerability in 'rtl_allocateMemory()',
a custom memory allocation function used by the application.  If an
attacker can trick a user on the affected system, he can leverage this
issue to execute arbitrary code subject to his privileges." );
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b889d923" );
 script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/493227/30/0/threaded" );
 script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2008-2152.html" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to OpenOffice version 2.4.1 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(189);
 script_set_attribute(attribute:"plugin_publication_date", value: "2008/06/10");
 script_cvs_date("Date: 2018/11/15 20:50:27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:sun:openoffice.org");
script_end_attributes();

 
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");

  script_dependencies("openoffice_installed.nasl");
  script_require_keys("SMB/OpenOffice/Build");

  exit(0);
}


build = get_kb_item("SMB/OpenOffice/Build");
if (build)
{
  matches = eregmatch(string:build, pattern:"([0-9]+[a-z][0-9]+)\(Build:([0-9]+)\)");
  if (!isnull(matches))
  {
    buildid = int(matches[2]);
    if (buildid < 9310) security_hole(get_kb_item("SMB/transport"));
  }
}
VendorProductVersionCPE
sunopenoffice.orgcpe:/a:sun:openoffice.org

Related

openvas 38
nessus 14
securityvulns 2
cve 2
prion 2
fedora 5
redhat 2
centos 2
seebug 1
veracode 1
ubuntucve 2
gentoo 1
oraclelinux 1
openvas
openvas
Fedora Update for openoffice.org FEDORA-2008-5143
2009-02-17 00:00:00
RedHat Update for openoffice.org RHSA-2008:0537-01
2009-03-06 00:00:00
Mandriva Update for openoffice.org MDVSA-2008:137 (openoffice.org)
2009-04-09 00:00:00
nessus
nessus
Fedora 9 : openoffice.org-2.4.1-17.3.fc9 (2008-5143)
2008-06-12 00:00:00
RHEL 4 / 5 : openoffice.org (RHSA-2008:0537)
2008-06-16 00:00:00
Scientific Linux Security Update : openoffice.org on SL5.x i386/x86_64
2012-08-01 00:00:00
securityvulns
securityvulns
iDefense Security Advisory 06.10.08: Multiple Vendor OpenOffice rtl_allocateMemory&#40;&#41; Integer Overflow Vulnerability
2008-06-10 00:00:00
OpenOffice integer overflow
2008-06-10 00:00:00
cve
cve
CVE-2008-2152
2008-06-10 18:32:00
CVE-2008-3282
2008-08-29 18:41:00
prion
prion
Integer overflow
2008-06-10 18:32:00
Integer overflow
2008-08-29 18:41:00
fedora
fedora
[SECURITY] Fedora 9 Update: openoffice.org-2.4.1-17.3.fc9
2008-06-11 04:39:18
[SECURITY] Fedora 8 Update: openoffice.org-2.3.0-6.15.fc8
2008-06-11 23:35:32
[SECURITY] Fedora 8 Update: openoffice.org-2.3.0-6.16.fc8
2008-09-10 07:24:03
redhat
redhat
(RHSA-2008:0537) Important: openoffice.org security update
2008-06-12 00:00:00
(RHSA-2008:0538) Important: openoffice.org security update
2008-06-12 00:00:00
centos
centos
openoffice.org2 security update
2008-06-27 10:26:05
openoffice.org security update
2008-06-14 08:53:15
seebug
seebug
OpenOffice rtl_allocateMemory()ε‡½ζ•°ε †ζΊ’ε‡ΊζΌζ΄ž
2008-06-14 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:31:56
ubuntucve
ubuntucve
CVE-2008-2152
2008-06-10 00:00:00
CVE-2008-3282
2008-08-29 00:00:00
gentoo
gentoo
OpenOffice.org: User-assisted execution of arbitrary code
2008-07-09 00:00:00
oraclelinux
oraclelinux
openoffice.org security update
2008-06-13 00:00:00
JSON
Related for OPENOFFICE_241.NASL
openvas38nessus14securityvulns2cve2prion2fedora5redhat2centos2seebug1veracode1ubuntucve2gentoo1oraclelinux1