Vulnerability Description
Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openoffice | Openoffice.Org | All versions |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=750
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
- http://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Secu
- http://secunia.com/advisories/32419Vendor Advisory
- http://secunia.com/advisories/32461Vendor Advisory
- http://secunia.com/advisories/32463
- http://secunia.com/advisories/32489Vendor Advisory
- http://secunia.com/advisories/32676
- http://secunia.com/advisories/32856
- http://secunia.com/advisories/32872
- http://secunia.com/advisories/33140
- http://security.gentoo.org/glsa/glsa-200812-13.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-243226-1
- http://www.debian.org/security/2008/dsa-1661Patch
- http://www.openoffice.org/security/cves/CVE-2008-2238.htmlPatch
FAQ
What is CVE-2008-2238?
CVE-2008-2238 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite docum...
How severe is CVE-2008-2238?
CVE-2008-2238 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2238?
Check the references section above for vendor advisories and patch information. Affected products include: Openoffice Openoffice.Org.