SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   StarOffice Vendors:   Sun
(Sun Issues Fix for StarOffice) OpenOffice.org Integer Overflow in Processing WMF META_ESCAPE Records Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1021233
SecurityTracker URL:  http://securitytracker.com/id/1021233
CVE Reference:   CVE-2008-2237   (Links to External Site)
Updated:  Jul 20 2009
Original Entry Date:  Nov 14 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7, 8
Description:   A vulnerability was reported in OpenOffice. A remote user can cause arbitrary code to be executed on the target user's system. Sun StarOffice is affected.

A remote user can create a specially crafted WMF file that, when loaded by the target user, will trigger an integer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Version 3.0 is not affected.

The SureRun Security Team reported this vulnerability.
Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   Sun has issued a fix for StarOffice, which is affected by this vulnerability.

SPARC Platform

* StarOffice/StarSuite 7 with product patch 13 (patch 116519-17) or later
* StarOffice 8 with update 12 (patch 120185-17) or later
* StarSuite 8 with update 12 (patch 120189-17) or later

x86 Platform

* StarOffice/StarSuite 7 with product patch 13 (patch 117073-15) or later
* StarOffice 8 with update 12 (patch 120186-17) or later
* StarSuite 8 with update 12 (patch 120190-17) or later

Linux Platform

* StarOffice/StarSuite 7 with product patch 13 (patch 116518-17) or later
* StarOffice 8 with update 12 (patch 120184-16) or later
* StarSuite 8 with update 12 (patch 120188-16) or later

Windows Platform

* StarOffice/StarSuite 7 with product patch 13 (patch 116520-16) or later
* StarOffice 8 with update 12 (patch 120187-16) or later
* StarSuite 8 with update 12 (patch 120191-16) or later
* StarSuite 8 Impress Standalone with update 13 (patch 128021-05) or later

The Sun advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-66-242627-1
Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-66-242627-1 (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Oct 29 2008 OpenOffice.org Integer Overflow in Processing WMF META_ESCAPE Records Lets Remote Users Execute Arbitrary Code


 Source Message Contents
Date:  Fri, 14 Nov 2008 08:42:26 -0500
Subject:  http://sunsolve.sun.com/search/document.do?assetkey=1-66-242627-1



CVE-2008-2237


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC