|
|
|
|
| |
Credit:
The information has been provided by iDefense.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=750
|
| |
Vulnerable Systems:
* OpenOffice version 2.4.1
Immune Systems:
* OpenOffice version 2.4.2
Integer overflow issues exist within the code responsible for parsing multiple EMR records within an EMF file. This allows an attacker to overflow heap memory with data they supplied.
Analysis:
Exploitation of this issue allows an attacker to execute arbitrary code with the privileges of the current user. An attacker would need to entice a user into opening the malformed file using OpenOffice. The file could be distributed to users via a Web page or e-mail attachments. Upon opening the file, exploitation of this issue would occur and execution of arbitrary code would be possible.
Vendor response:
OpenOffice has released OpenOffice.org 2.4.2 which addresses these issues. For more information, consult their advisory at the following URL: http://www.openoffice.org/security/cves/CVE-2008-2238.html
CVE Information:
CVE-2008-2238
Disclosure Timeline:
09/18/2008 - Initial Vendor Notification
09/19/2008 - Initial Vendor Reply
09/19/2008 - Request Additional Information
09/24/2008 - Additional Vendor Feedback
10/29/2008 - Coordinated Public Disclosure
|
|
|
|
|
