CVE-2008-2237

Published: Oct 30, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document.

Affected (13)

Products: Openoffice: Openoffice.org

1 product

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Openoffice Openoffice.org	All versions
Openoffice Openoffice.org	Up to 2.4.1
Openoffice Openoffice.org	Version 2.0.2
Openoffice Openoffice.org	Version 2.0.3
Openoffice Openoffice.org	Version 2.0.4
Openoffice Openoffice.org	Version 2.0
Openoffice Openoffice.org	Version 2.1
Openoffice Openoffice.org	Version 2.2.1
Openoffice Openoffice.org	Version 2.2
Openoffice Openoffice.org	Version 2.3.1
Openoffice Openoffice.org	Version 2.3
Openoffice Openoffice.org	Version 2.4.1
Openoffice Openoffice.org	Version 2.4

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (50)

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html

Source: cve@mitre.org

http://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Security_fixes

Source: cve@mitre.org

http://secunia.com/advisories/32419

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/32461

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/32463

Source: cve@mitre.org

http://secunia.com/advisories/32489

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/32676

Source: cve@mitre.org

http://secunia.com/advisories/32856

Source: cve@mitre.org

http://secunia.com/advisories/32872

Source: cve@mitre.org

http://secunia.com/advisories/33140

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200812-13.xml

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-26-242627-1

Source: cve@mitre.org

http://www.debian.org/security/2008/dsa-1661

Source: cve@mitre.org

Patch

http://www.openoffice.org/security/cves/CVE-2008-2237.html

Source: cve@mitre.org

Patch

http://www.redhat.com/support/errata/RHSA-2008-0939.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/31962

Source: cve@mitre.org

Patch

http://www.securitytracker.com/id?1021120

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-677-1

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-677-2

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/2947

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/3103

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/46165

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10784

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00905.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00923.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Security_fixes

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32419

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/32461

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/32463

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32489

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/32676

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32856

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32872

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33140

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200812-13.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://sunsolve.sun.com/search/document.do?assetkey=1-26-242627-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2008/dsa-1661

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.openoffice.org/security/cves/CVE-2008-2237.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.redhat.com/support/errata/RHSA-2008-0939.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/31962

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securitytracker.com/id?1021120

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/usn-677-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/usn-677-2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/2947

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/3103

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/46165

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10784

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00905.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00923.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.