OpenOffice 'rtl_allocateMemory()' Remote Code Execution Vulnerability
BID:30866
Info
OpenOffice 'rtl_allocateMemory()' Remote Code Execution Vulnerability
| Bugtraq ID: | 30866 |
| Class: | Design Error |
| CVE: |
CVE-2008-3282 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 27 2008 12:00AM |
| Updated: | May 07 2015 05:11PM |
| Credit: | This issue was disclosed by OpenOffice. |
| Vulnerable: |
Redhat Enterprise Linux Optional Productivity Application 5 server Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop 5 client OpenOffice OpenOffice 2.4.1 OpenOffice OpenOffice 2.4 |
| Not Vulnerable: | |
Discussion
OpenOffice 'rtl_allocateMemory()' Remote Code Execution Vulnerability
OpenOffice is prone to a remote code-execution vulnerability because of errors in memory allocation.
Remote attackers can exploit this issue by enticing victims into opening a maliciously crafted OpenOffice document.
Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.
OpenOffice 2.41 is vulnerable; other versions may also be affected. This issue is limited to builds on 64-bit platforms.
OpenOffice is prone to a remote code-execution vulnerability because of errors in memory allocation.
Remote attackers can exploit this issue by enticing victims into opening a maliciously crafted OpenOffice document.
Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.
OpenOffice 2.41 is vulnerable; other versions may also be affected. This issue is limited to builds on 64-bit platforms.
Exploit / POC
OpenOffice 'rtl_allocateMemory()' Remote Code Execution Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
OpenOffice 'rtl_allocateMemory()' Remote Code Execution Vulnerability
Solution:
The vendor has released updates. Please see the references for more information.
Solution:
The vendor has released updates. Please see the references for more information.
References
OpenOffice 'rtl_allocateMemory()' Remote Code Execution Vulnerability
References:
References:
- Bug 458056 CVE-2008-3282 openoffice.org: numeric truncation error in memory allo (Red Hat)
- Issue 92217 (OpenOffice)
- OpenOffice Homepage (OpenOffice)
- RHSA-2008:0835-1 openoffice.org security update (Red Hat)