CVE-2008-2152

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-2152
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714
http://secunia.com/advisories/30599 Vendor Advisory
http://secunia.com/advisories/30633
http://secunia.com/advisories/30634
http://secunia.com/advisories/30635
http://secunia.com/advisories/31029
http://security.gentoo.org/glsa/glsa-200807-05.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-237944-1
http://www.mandriva.com/security/advisories?name=MDVSA-2008:137
http://www.mandriva.com/security/advisories?name=MDVSA-2008:138
http://www.openoffice.org/security/cves/CVE-2008-2152.html
http://www.redhat.com/support/errata/RHSA-2008-0537.html
http://www.redhat.com/support/errata/RHSA-2008-0538.html
http://www.securityfocus.com/bid/29622
http://www.securitytracker.com/id?1020219
http://www.vupen.com/english/advisories/2008/1773
http://www.vupen.com/english/advisories/2008/1804/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42957
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9787
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00385.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00473.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00499.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714
http://secunia.com/advisories/30599 Vendor Advisory
http://secunia.com/advisories/30633
http://secunia.com/advisories/30634
http://secunia.com/advisories/30635
http://secunia.com/advisories/31029
http://security.gentoo.org/glsa/glsa-200807-05.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-237944-1
http://www.mandriva.com/security/advisories?name=MDVSA-2008:137
http://www.mandriva.com/security/advisories?name=MDVSA-2008:138
http://www.openoffice.org/security/cves/CVE-2008-2152.html
http://www.redhat.com/support/errata/RHSA-2008-0537.html
http://www.redhat.com/support/errata/RHSA-2008-0538.html
http://www.securityfocus.com/bid/29622
http://www.securitytracker.com/id?1020219
http://www.vupen.com/english/advisories/2008/1773
http://www.vupen.com/english/advisories/2008/1804/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42957
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9787
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00385.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00473.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00499.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openoffice:openoffice.org:2.0:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice.org:2.1:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice.org:2.2:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice.org:2.3:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice.org:2.4:*:*:*:*:*:*:*
History

21 Nov 2024, 00:46

Type Values Removed Values Added
References () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714 - () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714 -
References () http://secunia.com/advisories/30599 - Vendor Advisory () http://secunia.com/advisories/30599 - Vendor Advisory
References () http://secunia.com/advisories/30633 - () http://secunia.com/advisories/30633 -
References () http://secunia.com/advisories/30634 - () http://secunia.com/advisories/30634 -
References () http://secunia.com/advisories/30635 - () http://secunia.com/advisories/30635 -
References () http://secunia.com/advisories/31029 - () http://secunia.com/advisories/31029 -
References () http://security.gentoo.org/glsa/glsa-200807-05.xml - () http://security.gentoo.org/glsa/glsa-200807-05.xml -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-237944-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-26-237944-1 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:137 - () http://www.mandriva.com/security/advisories?name=MDVSA-2008:137 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:138 - () http://www.mandriva.com/security/advisories?name=MDVSA-2008:138 -
References () http://www.openoffice.org/security/cves/CVE-2008-2152.html - () http://www.openoffice.org/security/cves/CVE-2008-2152.html -
References () http://www.redhat.com/support/errata/RHSA-2008-0537.html - () http://www.redhat.com/support/errata/RHSA-2008-0537.html -
References () http://www.redhat.com/support/errata/RHSA-2008-0538.html - () http://www.redhat.com/support/errata/RHSA-2008-0538.html -
References () http://www.securityfocus.com/bid/29622 - () http://www.securityfocus.com/bid/29622 -
References () http://www.securitytracker.com/id?1020219 - () http://www.securitytracker.com/id?1020219 -
References () http://www.vupen.com/english/advisories/2008/1773 - () http://www.vupen.com/english/advisories/2008/1773 -
References () http://www.vupen.com/english/advisories/2008/1804/references - () http://www.vupen.com/english/advisories/2008/1804/references -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/42957 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/42957 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9787 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9787 -
References () https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00385.html - () https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00385.html -
References () https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00473.html - () https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00473.html -
References () https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00499.html - () https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00499.html -
Information

Published : 2008-06-10 18:32

Updated : 2025-04-09 00:30

NVD link : CVE-2008-2152

Mitre link : CVE-2008-2152

CVE.ORG link : CVE-2008-2152

JSON object : View

Products Affected

openoffice

  • openoffice.org
CWE
CWE-189

Numeric Errors