Vulnerability Description
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openoffice | Openoffice.Org | 1.1.2 |
Related Weaknesses (CWE)
References
- http://milw0rm.com/sploits/2008-crash.doc.rarExploit
- http://www.openwall.com/lists/oss-security/2009/01/21/9
- http://www.securityfocus.com/bid/33383
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48213
- https://www.exploit-db.com/exploits/6560
- http://milw0rm.com/sploits/2008-crash.doc.rarExploit
- http://www.openwall.com/lists/oss-security/2009/01/21/9
- http://www.securityfocus.com/bid/33383
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48213
- https://www.exploit-db.com/exploits/6560
FAQ
What is CVE-2009-0259?
CVE-2009-0259 is a vulnerability with a CVSS score of 9.3 (HIGH). The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf ...
How severe is CVE-2009-0259?
CVE-2009-0259 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0259?
Check the references section above for vendor advisories and patch information. Affected products include: Openoffice Openoffice.Org.