CVE-2008-2238
OpenOffice.org multiple EMF buffer overflows
Public Exploits: 0
Exploited in Wild: -
Descriptions
Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.
Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted EMF file with a StarOffice/StarSuite document.
Multiple memory overflow flaws were discovered in OpenOffice.org's handling of WMF and EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. Dmitry E. Oboukhov discovered that senddoc, as included in OpenOffice.org, created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-05-16 CVE Reserved
- 2008-10-30 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (29)
URL | Tag | Source |
---|---|---|
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=750 | Third Party Advisory | |
http://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Security_fixes | X_refsource_confirm | |
http://secunia.com/advisories/32463 | Third Party Advisory | |
http://secunia.com/advisories/32676 | Third Party Advisory | |
http://secunia.com/advisories/32856 | Third Party Advisory | |
http://secunia.com/advisories/32872 | Third Party Advisory | |
http://secunia.com/advisories/33140 | Third Party Advisory | |
http://www.securitytracker.com/id?1021121 | Vdb Entry | |
http://www.vupen.com/english/advisories/2008/2947 | Vdb Entry | |
http://www.vupen.com/english/advisories/2008/3103 | Vdb Entry | |
http://www.vupen.com/english/advisories/2008/3153 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/46166 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10849 | Signature |
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2008/dsa-1661 | 2017-09-29 | |
http://www.openoffice.org/security/cves/CVE-2008-2238.html | 2017-09-29 | |
http://www.securityfocus.com/bid/31962 | 2017-09-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Openoffice | Openoffice.org | * | - | Affected |
Openoffice | Openoffice.org | <= 2.4.1 | - | Affected |
Openoffice | Openoffice.org | 2.0 | - | Affected |
Openoffice | Openoffice.org | 2.0.2 | - | Affected |
Openoffice | Openoffice.org | 2.0.3 | - | Affected |
Openoffice | Openoffice.org | 2.0.4 | - | Affected |
Openoffice | Openoffice.org | 2.1 | - | Affected |
Openoffice | Openoffice.org | 2.2 | - | Affected |
Openoffice | Openoffice.org | 2.2.1 | - | Affected |
Openoffice | Openoffice.org | 2.3 | - | Affected |
Openoffice | Openoffice.org | 2.3.1 | - | Affected |
Openoffice | Openoffice.org | 2.4 | - | Affected |
Openoffice | Openoffice.org | 2.4.1 | 64-bit | Affected |