Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:C82774398A59C47B051D4125B7EF00F7
HistoryJun 20, 2008 - 12:00 a.m.

OpenOffice OLE importer DocumentSummaryInformation buffer overflow

2008-06-2000:00:00
SAINT Corporation
my.saintcorporation.com
49

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.932 High

EPSS

Percentile

99.0%

JSON

Added: 06/20/2008
CVE: CVE-2008-0320
BID: 28819
OSVDB: 44472

Background

OpenOffice is a free productivity suite for multiple platforms. OpenOffice includes an importer for Microsoft’s Object Linking and Embedding (OLE) framework.

Problem

A buffer overflow vulnerability in the OLE importer allows command execution when a user opens a file containing a specially crafted DocumentSummaryInformation stream.

Resolution

Upgrade to OpenOffice 2.4 or higher.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=694&gt;
<http://www.openoffice.org/security/cves/CVE-2008-0320.html&gt;

Limitations

Exploit works on OpenOffice 1.1.5 on Linux and OpenOffice 2.3.0 on Windows and requires a user to open the exploit file.

Due to the nature of the vulnerability, the success of this exploit depends on the system state at the time the exploit is run. On Linux platforms, the exploit cannot succeed if the target’s kernel has the exec-shield option enabled.

Platforms

Red Hat Enterprise Linux 4 Update 6
Red Hat Enterprise Linux 4 Update 4
Windows

Related

packetstorm 1
checkpoint_advisories 1
saint 3
cve 1
metasploit 1
seebug 2
prion 1
securityvulns 2
ubuntucve 1
exploitdb 1
nessus 17
openvas 37
redhat 2
centos 2
oraclelinux 1
osv 1
debian 1
ubuntu 1
fedora 3
gentoo 1
suse 1
packetstorm
packetstorm
OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
2012-05-24 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenOffice OLE File Stream Buffer Overflow (CVE-2008-0320)
2009-10-05 00:00:00
saint
saint
OpenOffice OLE importer DocumentSummaryInformation buffer overflow
2008-06-20 00:00:00
OpenOffice OLE importer DocumentSummaryInformation buffer overflow
2008-06-20 00:00:00
OpenOffice OLE importer DocumentSummaryInformation buffer overflow
2008-06-20 00:00:00
cve
cve
CVE-2008-0320
2008-04-17 19:05:00
metasploit
metasploit
OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
2012-05-23 15:14:11
seebug
seebug
OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
2014-07-01 00:00:00
OpenOffice倚δΈͺηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž
2008-04-19 00:00:00
prion
prion
Heap overflow
2008-04-17 19:05:00
securityvulns
securityvulns
iDefense Security Advisory 04.17.08: Multiple Vendor OpenOffice OLE DocumentSummaryInformation Heap Overflow Vulnerability
2008-04-20 00:00:00
OpenOffice multiple security vulnerabilities
2008-04-20 00:00:00
ubuntucve
ubuntucve
CVE-2008-0320
2008-04-17 00:00:00
exploitdb
exploitdb
OpenOffice - OLE Importer DocumentSummaryInformation Stream Handling Overflow (Metasploit)
2012-05-25 00:00:00
nessus
nessus
Scientific Linux Security Update : openoffice.org on SL3.x, SL4.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 3 / 4 : openoffice.org (ELSA-2008-0176)
2013-07-12 00:00:00
CentOS 3 / 4 : openoffice.org (CESA-2008:0176)
2008-04-22 00:00:00
openvas
openvas
CentOS Update for openoffice.org CESA-2008:0176 centos3 i386
2009-02-27 00:00:00
CentOS Update for openoffice.org CESA-2008:0176 centos3 x86_64
2009-02-27 00:00:00
CentOS Update for openoffice.org CESA-2008:0176 centos3 x86_64
2009-02-27 00:00:00
redhat
redhat
(RHSA-2008:0176) Important: openoffice.org security update
2008-04-17 00:00:00
(RHSA-2008:0175) Important: openoffice.org security update
2008-04-17 00:00:00
centos
centos
openoffice.org security update
2008-04-17 23:18:44
openoffice.org, openoffice.org2 security update
2008-04-21 09:57:54
oraclelinux
oraclelinux
openoffice.org security update
2008-04-18 00:00:00
osv
osv
openoffice.org
2008-04-17 00:00:00
debian
debian
[SECURITY] [DSA 1547-1] New OpenOffice.org packages fix arbitrary code execution
2008-04-17 10:13:30
ubuntu
ubuntu
OpenOffice.org vulnerabilities
2008-05-06 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: openoffice.org-2.3.0-6.14.fc8
2008-04-22 22:41:54
[SECURITY] Fedora 7 Update: openoffice.org-2.3.0-6.8.fc7
2008-05-17 22:26:21
[SECURITY] Fedora 7 Update: openoffice.org-2.3.0-6.9.fc7
2008-06-11 23:34:19
gentoo
gentoo
OpenOffice.org: Multiple vulnerabilities
2008-05-14 00:00:00
suse
suse
local privilege escalation in OpenOffice_org
2008-04-18 09:57:35

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.932 High

EPSS

Percentile

99.0%

JSON
Related for SAINT:C82774398A59C47B051D4125B7EF00F7
packetstorm1checkpoint_advisories1saint3cve1metasploit1seebug2prion1securityvulns2ubuntucve1exploitdb1nessus17openvas37redhat2centos2oraclelinux1osv1debian1ubuntu1fedora3gentoo1suse1