CVE-2008-2238

CVSS V2: High 9.3 | CVSS V3: None
Description
Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.
Overview
  • CVE ID: CVE-2008-2238
  • Assigner: cve@mitre.org
  • Vulnerability Status: Modified
  • Published Version: 2008-10-30T20:00:00
  • Last Modified Date: 2017-09-29T01:31:04
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End
cpe:2.3:a:openoffice:openoffice.org:*:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:openoffice:openoffice.org:*:*:*:*:*:*:*:* | 1 | OR | | 2.4.1
cpe:2.3:a:openoffice:openoffice.org:2.0:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:openoffice:openoffice.org:2.0.2:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:openoffice:openoffice.org:2.0.3:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:openoffice:openoffice.org:2.0.4:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:openoffice:openoffice.org:2.1:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:openoffice:openoffice.org:2.2:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:openoffice:openoffice.org:2.2.1:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:openoffice:openoffice.org:2.3:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:openoffice:openoffice.org:2.3.1:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:openoffice:openoffice.org:2.4:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:openoffice:openoffice.org:2.4.1:*:64-bit:*:*:*:*:* | 1 | OR | |
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
  • Base Score: 9.3
  • Severity: HIGH
  • Exploitability Score: 8.6
  • Impact Score: 10
References
Reference URL Reference Tags
http://www.openoffice.org/security/cves/CVE-2008-2238.html Patch
http://www.securityfocus.com/bid/31962 Patch
http://www.debian.org/security/2008/dsa-1661 Patch
http://secunia.com/advisories/32419 Vendor Advisory
http://secunia.com/advisories/32461 Vendor Advisory
http://www.securitytracker.com/id?1021121
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00905.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=750
http://secunia.com/advisories/32489 Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00923.html
http://secunia.com/advisories/32676
http://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Security_fixes
http://sunsolve.sun.com/search/document.do?assetkey=1-26-243226-1
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
http://secunia.com/advisories/32872
http://www.ubuntu.com/usn/usn-677-2
http://security.gentoo.org/glsa/glsa-200812-13.xml
http://secunia.com/advisories/33140
http://secunia.com/advisories/32463
http://www.redhat.com/support/errata/RHSA-2008-0939.html
http://www.vupen.com/english/advisories/2008/3103
http://www.vupen.com/english/advisories/2008/3153
http://www.vupen.com/english/advisories/2008/2947
http://secunia.com/advisories/32856
http://www.ubuntu.com/usn/usn-677-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/46166
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10849
History
Created Old Value New Value Data Type Notes
2022-05-10 08:24:50 Added to TrackCVE