Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2008-0668 First vendor Publication 2008-02-11
Vendor Cve Last vendor Modification 2011-03-08

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0668

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17671
 
Oval ID: oval:org.mitre.oval:def:17671
Title: USN-604-1 -- gnumeric vulnerability
Description: Thilo Pfennig and Morten Welinder discovered that the XLS spreadsheet handling code in Gnumeric did not correctly calculate needed memory sizes.
Family: unix Class: patch
Reference(s): USN-604-1
CVE-2008-0668
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
Product(s): gnumeric
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20233
 
Oval ID: oval:org.mitre.oval:def:20233
Title: DSA-1546-1 gnumeric
Description: Thilo Pfennig and Morten Welinder discovered several integer overflow weaknesses in Gnumeric, a GNOME spreadsheet application. These vulnerabilities could result in the execution of arbitrary code through the opening of a maliciously crafted Excel spreadsheet.
Family: unix Class: patch
Reference(s): DSA-1546-1
CVE-2008-0668
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): gnumeric
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8059
 
Oval ID: oval:org.mitre.oval:def:8059
Title: DSA-1546 gnumeric -- integer overflow
Description: Thilo Pfennig and Morten Welinder discovered several integer overflow weaknesses in Gnumeric, a GNOME spreadsheet application. These vulnerabilities could result in the execution of arbitrary code through the opening of a maliciously crafted Excel spreadsheet.
Family: unix Class: patch
Reference(s): DSA-1546
CVE-2008-0668
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): gnumeric
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2

OpenVAS Exploits

Date Description
2009-04-09 Name : Mandriva Update for gnumeric MDVSA-2008:056 (gnumeric)
File : nvt/gb_mandriva_MDVSA_2008_056.nasl
2009-03-23 Name : Ubuntu Update for gnumeric vulnerability USN-604-1
File : nvt/gb_ubuntu_USN_604_1.nasl
2009-02-16 Name : Fedora Update for gnumeric FEDORA-2008-1313
File : nvt/gb_fedora_2008_1313_gnumeric_fc7.nasl
2009-02-16 Name : Fedora Update for gnumeric FEDORA-2008-1403
File : nvt/gb_fedora_2008_1403_gnumeric_fc8.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200802-05 (gnumeric)
File : nvt/glsa_200802_05.nasl
2008-04-21 Name : Debian Security Advisory DSA 1546-1 (gnumeric)
File : nvt/deb_1546_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
42835 Gnumeric plugins/excel/ms-excel-read.c excel_read_HLINK Function XLS HLINK Op...

Nessus® Vulnerability Scanner

Date Description
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-056.nasl - Type : ACT_GATHER_INFO
2008-07-23 Name : The remote openSUSE host is missing a security update.
File : suse_gnumeric-5393.nasl - Type : ACT_GATHER_INFO
2008-04-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-604-1.nasl - Type : ACT_GATHER_INFO
2008-04-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1546.nasl - Type : ACT_GATHER_INFO
2008-02-14 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200802-05.nasl - Type : ACT_GATHER_INFO
2008-02-11 Name : The remote Fedora host is missing a security update.
File : fedora_2008-1313.nasl - Type : ACT_GATHER_INFO
2008-02-11 Name : The remote Fedora host is missing a security update.
File : fedora_2008-1403.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/27536
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=208356
http://bugzilla.gnome.org/show_bug.cgi?id=505330
http://www.gnome.org/projects/gnumeric/announcements/1.8/gnumeric-1.8.1.shtml
DEBIAN http://www.debian.org/security/2008/dsa-1546
FEDORA https://www.redhat.com/archives/fedora-package-announce/2008-February/msg0011...
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg0022...
GENTOO http://security.gentoo.org/glsa/glsa-200802-05.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:056
SECUNIA http://secunia.com/advisories/28725/
http://secunia.com/advisories/28799
http://secunia.com/advisories/28948
http://secunia.com/advisories/29702
http://secunia.com/advisories/29896
http://secunia.com/advisories/31339
SUSE http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html
UBUNTU http://www.ubuntu.com/usn/usn-604-1
VUPEN http://www.vupen.com/english/advisories/2008/0462

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2020-05-23 01:39:05
  • Multiple Updates
2020-05-23 00:21:14
  • Multiple Updates
2016-06-28 23:58:15
  • Multiple Updates
2016-04-26 17:06:14
  • Multiple Updates
2014-02-17 10:43:43
  • Multiple Updates
2013-05-11 00:08:55
  • Multiple Updates