CVE-2008-0320

Published: Apr 17, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.

Affected (6)

Products: Openoffice: Openoffice.org

Openoffice

1 product

Openoffice.org

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Openoffice Openoffice.org	Up to 2.3.1
Openoffice Openoffice.org	Version 2.0.3
Openoffice Openoffice.org	Version 2.1
Openoffice Openoffice.org	Version 2.2.1
Openoffice Openoffice.org	Version 2.2
Openoffice Openoffice.org	Version 2.3

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (60)

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=694

Source: cve@mitre.org

http://secunia.com/advisories/29844

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/29852

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/29864

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/29871

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/29910

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/29913

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/29987

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/30100

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/30179

Source: cve@mitre.org

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200805-16.xml

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-26-231642-1

Source: cve@mitre.org

http://www.debian.org/security/2008/dsa-1547

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2008:090

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2008:095

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2008_23_openoffice.html

Source: cve@mitre.org

http://www.openoffice.org/security/bulletin.html

Source: cve@mitre.org

http://www.openoffice.org/security/cves/CVE-2007-4770.html

Source: cve@mitre.org

http://www.openoffice.org/security/cves/CVE-2007-5745.html

Source: cve@mitre.org

http://www.openoffice.org/security/cves/CVE-2008-0320.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2008-0175.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2008-0176.html

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/28819

Source: cve@mitre.org

http://www.securitytracker.com/id?1019890

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-609-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/1253/references

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2008/1375/references

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/41860

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10318

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00448.html

Source: cve@mitre.org

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=694