   VULNERABILITY NOTE

CERT-In Vulnerability Note CIVN-2008-85
Integer Overflow Vulnerability in OpenOffice.org

Original Issue Date: June 13, 2008

Severity Rating: High

System Affected

  • OpenOffice.org versions 2.0 to 2.4

Overview

A vulnerability has been reported in OpenOffice.org which could be exploited by a remote attacker to execute arbitrary code with the privileges of the logged-in user.

Description

The vulnerability is caused by an integer overflow error in the custom memory allocation function "rtl_allocateMemory()" when processing malformed data. Attackers could exploit it via a specially crafted file to crash a vulnerable application or execute arbitrary code.
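
An added illustration of the bug class described above (not OpenOffice.org code and not a reconstruction of rtl_allocateMemory()): an allocation wrapper that pads the requested size before allocating, shown without and with an overflow check. The header size, the alignment and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define ALIGN 8u              /* hypothetical alignment boundary */
#define HDR   sizeof(size_t)  /* hypothetical per-block header   */

/* Unchecked padding: for n close to SIZE_MAX the sum wraps around and the
 * result is a tiny size, so the caller gets a block far smaller than n. */
size_t padded_size_unchecked(size_t n)
{
    return (n + HDR + (ALIGN - 1)) & ~(size_t)(ALIGN - 1);
}

/* Checked padding: refuse any n for which the sum cannot be represented.
 * Returns 0 and stores the padded size in *out, or -1 on overflow. */
int padded_size_checked(size_t n, size_t *out)
{
    if (n > SIZE_MAX - HDR - (ALIGN - 1))
        return -1;
    *out = (n + HDR + (ALIGN - 1)) & ~(size_t)(ALIGN - 1);
    return 0;
}

/* Hardened wrapper: fails the allocation instead of under-allocating. */
void *checked_alloc(size_t n)
{
    size_t total;
    if (padded_size_checked(n, &total) != 0)
        return NULL;
    size_t *block = malloc(total);
    if (block == NULL)
        return NULL;
    *block = n;               /* record the requested size in the header */
    return block + 1;
}

void checked_free(void *p)
{
    if (p != NULL)
        free((size_t *)p - 1);
}

int main(void)
{
    size_t huge = SIZE_MAX - 2;   /* constructed length, as if read from a file */
    printf("unchecked padded size: %zu\n", padded_size_unchecked(huge));
    printf("checked_alloc(huge):   %p\n", checked_alloc(huge));
    return 0;
}
```

A length field taken from a document should pass through a check of this kind before any arithmetic that feeds an allocator.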

Solution

Update OpenOffice.org to version 2.4.1.

Vendor Information

OpenOffice
http://www.openoffice.org/security/cves/CVE-2008-2152.html

References

iDefense Labs
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714

FrSIRT
http://www.frsirt.com/english/advisories/2008/1773

Secunia
http://secunia.com/advisories/30599

SecurityFocus
http://www.securityfocus.com/bid/29622

CVE Name
CVE-2008-2152

CWE Name
CWE-189

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003