9.3 - SUN-231642

Executive Summary

Summary
Title	Sun Alert 231642 Security Vulnerability for OLE Files in StarOffice 7 and 8, StarSuite 7 and 8

Informations
Name	SUN-231642	First vendor Publication	2008-04-25
Vendor	Sun	Last vendor Modification	2008-05-01
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: StarOffice 7, StarSuite 7, StarOffice 8, StarSuite 8

A security vulnerability with the way StarOffice/StarSuite 7 and 8 process OLE files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite.

OLE is typically used with MS Office documents (these typically have names ending in 'doc', 'ppt', 'xls', etc.) but the issue might also occur with documents from StarOffice 5 and older versions (for example, with names ending in 'sdw', 'sdc', 'sdi', etc).

Sun acknowledges with thanks, an anonymous researcher working with the iDefense Vulnerability Contributor Program (VCP)?? at??http://labs.idefense.com/vcp/.

This issue is described in the following:

CVE-2008-0320 at http://www.security-database.com/detail.php?cve=CVE-2008-0320

State: Resolved

First released: 25-Apr-2008

Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-231642-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_231642_security_vulnerability

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10318

Oval ID:	oval:org.mitre.oval:def:10318
Title:	Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.
Description:	Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-0320	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section openoffice.org-libs is earlier than 0:1.1.2-41.2.0.EL3 AND openoffice.org is earlier than 0:1.1.2-41.2.0.EL3 AND openoffice.org-i18n is earlier than 0:1.1.2-41.2.0.EL3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section openoffice.org2-langpack-lt_LT is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-nn_NO is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ga_IE is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-zh_CN is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-javafilter is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-he_IL is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-draw is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ko_KR is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ca_ES is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-base is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-fr is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org is earlier than 0:1.1.5-10.6.0.3.EL4 AND openoffice.org-libs is earlier than 0:1.1.5-10.6.0.3.EL4 AND openoffice.org2-langpack-pa_IN is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-da_DK is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-emailmerge is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-pt_PT is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-es is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-sv is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ms_MY is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-cs_CZ is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-xsltfilter is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ja_JP is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-hu_HU is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-zh_TW is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-sl_SI is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-de is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-pyuno is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2 is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-tr_TR is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-impress is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-bn is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ar is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-pt_BR is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-af_ZA is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-pl_PL is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-calc is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-zu_ZA is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-fi_FI is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-sk_SK is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-hi_IN is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-nb_NO is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-th_TH is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-et_EE is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-gl_ES is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-it is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-hr_HR is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org-i18n is earlier than 0:1.1.5-10.6.0.3.EL4 AND openoffice.org2-langpack-ta_IN is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-gu_IN is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-testtools is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org-kde is earlier than 0:1.1.5-10.6.0.3.EL4 AND openoffice.org2-langpack-eu_ES is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-el_GR is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-core is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ru is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-bg_BG is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-nl is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-sr_CS is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-cy_GB is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-math is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-graphicfilter is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-writer is earlier than 0:2.0.4-5.7.0.4.0 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section openoffice.org-langpack-sk_SK is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-zu_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-pa_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-hi_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-et_EE is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-kn_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-zh_TW is earlier than 0:2.0.4-5.4.26 AND openoffice.org-writer is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ve_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ga_IE is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ta_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ko_KR is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-or_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-da_DK is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-sr_CS is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-pl_PL is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-fr is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ts_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-javafilter is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-as_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-testtools is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-hr_HR is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-de is earlier than 0:2.0.4-5.4.26 AND openoffice.org-emailmerge is earlier than 0:2.0.4-5.4.26 AND openoffice.org-xsltfilter is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-tn_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-te_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-sv is earlier than 0:2.0.4-5.4.26 AND openoffice.org-base is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ca_ES is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-nr_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-core is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-nl is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ur is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-nn_NO is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ar is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ja_JP is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-gu_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-tr_TR is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-eu_ES is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-fi_FI is earlier than 0:2.0.4-5.4.26 AND openoffice.org-graphicfilter is earlier than 0:2.0.4-5.4.26 AND openoffice.org-pyuno is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ml_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-gl_ES is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-zh_CN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-xh_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-it is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-es is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-nb_NO is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-sl_SI is earlier than 0:2.0.4-5.4.26 AND openoffice.org-draw is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-nso_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ms_MY is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-el_GR is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-hu_HU is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ss_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-bn is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-he_IL is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-pt_PT is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-lt_LT is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-af_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-bg_BG is earlier than 0:2.0.4-5.4.26 AND openoffice.org-calc is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-cs_CZ is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-cy_GB is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-mr_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-th_TH is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-pt_BR is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ru is earlier than 0:2.0.4-5.4.26 AND openoffice.org-math is earlier than 0:2.0.4-5.4.26 AND openoffice.org-impress is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-st_ZA is earlier than 0:2.0.4-5.4.26

Definition Id: oval:org.mitre.oval:def:17630

Oval ID:	oval:org.mitre.oval:def:17630
Title:	USN-609-1 -- hsqldb, openoffice.org/-amd64 vulnerabilities
Description:	It was discovered that arbitrary Java methods were not filtered out when opening databases in OpenOffice.org.
Family:	unix	Class:	patch
Reference(s):	USN-609-1 CVE-2007-4575 CVE-2007-5745 CVE-2007-5746 CVE-2007-5747 CVE-2008-0320	Version:	7
Platform(s):	Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10	Product(s):	hsqldb openoffice.org openoffice.org-amd64
Definition Synopsis:
Release section Ubuntu 6.06 is installed Packages match section libhsqldb-java DPKG is earlier than 1.8.0.2-1ubuntu1.1 AND openoffice.org-core DPKG is earlier than 2.0.2-2ubuntu12.6 AND openoffice.org2-base DPKG is earlier than 2.0.2-2ubuntu12.6 AND Release section Ubuntu 7.04 is installed Packages match section libhsqldb-java DPKG is earlier than 1.8.0.7-1ubuntu2.1 AND openoffice.org-core DPKG is earlier than 2.2.0-1ubuntu6 AND Release section Ubuntu 7.10 is installed Packages match section libhsqldb-java DPKG is earlier than 1.8.0.8-1ubuntu1.1 AND openoffice.org-core DPKG is earlier than 1:2.3.0-1ubuntu5.4

Definition Id: oval:org.mitre.oval:def:18730

Oval ID:	oval:org.mitre.oval:def:18730
Title:	DSA-1547-1 openoffice.org
Description:	Several security related problems have been discovered in OpenOffice.org, the free office suite.
Family:	unix	Class:	patch
Reference(s):	DSA-1547-1 CVE-2007-5745 CVE-2007-5746 CVE-2007-5747 CVE-2008-0320	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	openoffice.org
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND openoffice.org DPKG is earlier than 2.0.4.dfsg.2-7etch5

Definition Id: oval:org.mitre.oval:def:8123

Oval ID:	oval:org.mitre.oval:def:8123
Title:	DSA-1547 openoffice.org -- several vulnerabilities
Description:	Several security related problems have been discovered in OpenOffice.org, the free office suite. The Common Vulnerabilities and Exposures project identifies the following problems: Several bugs have been discovered in the way OpenOffice.org parses Quattro Pro files that may lead to a overflow in the heap potentially leading to the execution of arbitrary code. Specially crafted EMF files can trigger a buffer overflow in the heap that may lead to the execution of arbitrary code. A bug has been discovered in the processing of OLE files that can cause a buffer overflow in the heap potentially leading to the execution of arbitrary code. Recently reported problems in the ICU library are fixed in separate libicu packages with DSA 1511 against which OpenOffice.org is linked.
Family:	unix	Class:	patch
Reference(s):	DSA-1547 CVE-2007-5745 CVE-2007-5746 CVE-2007-5747 CVE-2008-0320	Version:	3
Platform(s):	Debian GNU/Linux 4.0 Debian GNU/Linux 3.1	Product(s):	openoffice.org
Definition Synopsis:
Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section openoffice.org-dtd-officedocument1.0 is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-cy is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-cs is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-hu is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-vi is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-ca is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-en-us is earlier than 2.0.4.dfsg.2-7etch5 AND ttf-opensymbol is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-ka is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-km is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-ko is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-pl is earlier than 2.0.4.dfsg.2-7etch5 AND broffice.org is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-ku is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-pt is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-xh is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-it is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-pl is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-be-by is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-hr is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-hu is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-mk is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-hi is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-sr-cs is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-he is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-en-za is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-as-in is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-ta-in is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-te-in is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-nl is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-eo is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-el is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-zu is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-hi-in is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-zh-tw is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-za is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-et is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-fr is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-rw is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-es is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-ru is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-bs is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-br is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-bn is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-bg is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-sl is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-ja is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-en-gb is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-sk is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-st is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-sv is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-ss is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-sv is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-dz is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-da is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-de is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-sl is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-java-common is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-ga is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-ts is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-tr is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-tn is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-th is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-tg is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-et is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-es is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-filter-mobiledev is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-or-in is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-en is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-lt is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-lv is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-de is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-da is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-uk is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-dz is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-lo is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-ml-in is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-en-gb is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-af is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-common is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-ja is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-zh-cn is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-ve is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-zh-cn is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-it is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-gu-in is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-in is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-zh-tw is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-ru is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-fr is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-pt-br is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-pt-br is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-ko is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-km is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-fa is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-fi is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-qa-api-tests is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-hi-in is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-ns is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-nr is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-dev-doc is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-nn is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-nl is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-help-cs is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-ne is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-pa-in is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-l10n-nb is earlier than 2.0.4.dfsg.2-7etch5 AND libmythes-dev is earlier than 2.0.4.dfsg.2-7etch5 OR Architecture dependent section Supported architectures section Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is i386 AND Installed architecture is amd64 AND Packages section openoffice.org-filter-so52 is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-impress is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-evolution is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-base is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-math is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-calc is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-qa-tools is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-dbg is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-gtk is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-officebean is earlier than 2.0.4.dfsg.2-7etch5 AND python-uno is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-gtk-gnome is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-writer is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-dev is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-gcj is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-kde is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-draw is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-gnome is earlier than 2.0.4.dfsg.2-7etch5 AND openoffice.org-core is earlier than 2.0.4.dfsg.2-7etch5 OR Release section Debian GNU/Linux 3.1 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section openoffice.org-l10n-ar is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-cy is earlier than 1.1.3-9sarge9 AND openoffice.org is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-da is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-cs is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-af is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-ca is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-en is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-pt-br is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-el is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-gl is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-zu is earlier than 1.1.3-9sarge9 AND openoffice.org-thesaurus-en-us is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-kn is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-ko is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-pl is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-it is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-tr is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-zh-tw is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-tn is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-pt is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-et is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-eu is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-es is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-ru is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-th is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-zh-cn is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-fr is earlier than 1.1.3-9sarge9 AND ttf-opensymbol is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-ns is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-fi is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-sl is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-lt is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-ja is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-sk is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-de is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-hu is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-hi is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-nn is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-nl is earlier than 1.1.3-9sarge9 AND openoffice.org-mimelnk is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-sv is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-he is earlier than 1.1.3-9sarge9 AND openoffice.org-l10n-nb is earlier than 1.1.3-9sarge9 OR Architecture dependent section Supported architectures section Installed architecture is sparc AND Installed architecture is s390 AND Installed architecture is i386 AND Installed architecture is powerpc AND Packages section openoffice.org-dev is earlier than 1.1.3-9sarge9 AND openoffice.org-gtk-gnome is earlier than 1.1.3-9sarge9 AND openoffice.org-evolution is earlier than 1.1.3-9sarge9 AND openoffice.org-bin is earlier than 1.1.3-9sarge9 AND openoffice.org-kde is earlier than 1.1.3-9sarge9

CPE : Common Platform Enumeration

Type	Description	Count
Application	Openoffice Openoffice.Org cpe:2.3:a:openoffice:openoffice.org:2.3.1:::::::* cpe:2.3:a:openoffice:openoffice.org:2.3:::::::* cpe:2.3:a:openoffice:openoffice.org:2.2.1:::::::* cpe:2.3:a:openoffice:openoffice.org:2.2:::::::* cpe:2.3:a:openoffice:openoffice.org:2.1.154:::::::* cpe:2.3:a:openoffice:openoffice.org:2.1.152:::::::* cpe:2.3:a:openoffice:openoffice.org:2.1:::::::* cpe:2.3:a:openoffice:openoffice.org:2.0.4:::::::* cpe:2.3:a:openoffice:openoffice.org:2.0.3:::::::* cpe:2.3:a:openoffice:openoffice.org:2.0.2:rc2:::::: cpe:2.3:a:openoffice:openoffice.org:2.0.2:rc1:::::: cpe:2.3:a:openoffice:openoffice.org:2.0.2:::::::* cpe:2.3:a:openoffice:openoffice.org:2.0.1:::::::* cpe:2.3:a:openoffice:openoffice.org:2.0:::::::* cpe:2.3:a:openoffice:openoffice.org:2.0:beta2:::::: cpe:2.3:a:openoffice:openoffice.org:1.9.95:::::::* cpe:2.3:a:openoffice:openoffice.org:1.9.93:::::::* cpe:2.3:a:openoffice:openoffice.org:1.9.91:::::::* cpe:2.3:a:openoffice:openoffice.org:1.9.87:::::::* cpe:2.3:a:openoffice:openoffice.org:1.9.84:::::::* cpe:2.3:a:openoffice:openoffice.org:1.9.680:::::::* cpe:2.3:a:openoffice:openoffice.org:1.9.156:::::::* cpe:2.3:a:openoffice:openoffice.org:1.9.130:::::::* cpe:2.3:a:openoffice:openoffice.org:1.9.122:::::::* cpe:2.3:a:openoffice:openoffice.org:1.9.118:::::::* cpe:2.3:a:openoffice:openoffice.org:1.9.113:::::::* cpe:2.3:a:openoffice:openoffice.org:1.9.104:::::::* cpe:2.3:a:openoffice:openoffice.org:1.9.100:::::::* cpe:2.3:a:openoffice:openoffice.org:1.1.5:::::::* cpe:2.3:a:openoffice:openoffice.org:1.1.4:::::::* cpe:2.3:a:openoffice:openoffice.org:1.1.3:::::::* cpe:2.3:a:openoffice:openoffice.org:1.1.2:::::::* cpe:2.3:a:openoffice:openoffice.org:1.1.1:::::::* cpe:2.3:a:openoffice:openoffice.org:1.1:rc1:::::: cpe:2.3:a:openoffice:openoffice.org:1.1:beta:::::: cpe:2.3:a:openoffice:openoffice.org:1.1:::::::* cpe:2.3:a:openoffice:openoffice.org:1.1:rc3:::::: cpe:2.3:a:openoffice:openoffice.org:1.1:beta2:::::: cpe:2.3:a:openoffice:openoffice.org:1.0.3.1:::::::* cpe:2.3:a:openoffice:openoffice.org:1.0.2:::::::* cpe:2.3:a:openoffice:openoffice.org:1.0.1:::::::* cpe:2.3:a:openoffice:openoffice.org:1.0.0:::::::* cpe:2.3:a:openoffice:openoffice.org:1.0-ru:::::::* cpe:2.3:a:openoffice:openoffice.org::::::::	44

SAINT Exploits

Description	Link
OpenOffice OLE importer DocumentSummaryInformation buffer overflow	More info here

ExploitDB Exploits

id	Description
2012-05-25	OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow

OpenVAS Exploits

Date	Description
2009-04-09	Name : Mandriva Update for openoffice.org MDVSA-2008:095 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2008_095.nasl
2009-03-23	Name : Ubuntu Update for hsqldb, openoffice.org/-amd64 vulnerabilities USN-609-1 File : nvt/gb_ubuntu_USN_609_1.nasl
2009-03-06	Name : RedHat Update for openoffice.org RHSA-2008:0175-01 File : nvt/gb_RHSA-2008_0175-01_openoffice.org.nasl
2009-03-06	Name : RedHat Update for openoffice.org RHSA-2008:0176-01 File : nvt/gb_RHSA-2008_0176-01_openoffice.org.nasl
2009-02-27	Name : CentOS Update for openoffice.org2-base CESA-2008:0175 centos4 i386 File : nvt/gb_CESA-2008_0175_openoffice.org2-base_centos4_i386.nasl
2009-02-27	Name : CentOS Update for openoffice.org2-base CESA-2008:0175 centos4 x86_64 File : nvt/gb_CESA-2008_0175_openoffice.org2-base_centos4_x86_64.nasl
2009-02-27	Name : CentOS Update for openoffice.org CESA-2008:0176 centos3 i386 File : nvt/gb_CESA-2008_0176_openoffice.org_centos3_i386.nasl
2009-02-27	Name : CentOS Update for openoffice.org CESA-2008:0176 centos3 x86_64 File : nvt/gb_CESA-2008_0176_openoffice.org_centos3_x86_64.nasl
2009-02-27	Name : CentOS Update for openoffice.org CESA-2008:0176 centos4 i386 File : nvt/gb_CESA-2008_0176_openoffice.org_centos4_i386.nasl
2009-02-27	Name : CentOS Update for openoffice.org CESA-2008:0176 centos4 x86_64 File : nvt/gb_CESA-2008_0176_openoffice.org_centos4_x86_64.nasl
2009-02-17	Name : Fedora Update for openoffice.org FEDORA-2008-3251 File : nvt/gb_fedora_2008_3251_openoffice.org_fc8.nasl
2009-02-17	Name : Fedora Update for openoffice.org FEDORA-2008-9333 File : nvt/gb_fedora_2008_9333_openoffice.org_fc8.nasl
2009-02-17	Name : Fedora Update for openoffice.org FEDORA-2008-7531 File : nvt/gb_fedora_2008_7531_openoffice.org_fc8.nasl
2009-02-17	Name : Fedora Update for openoffice.org FEDORA-2008-5247 File : nvt/gb_fedora_2008_5247_openoffice.org_fc8.nasl
2009-02-17	Name : Fedora Update for openoffice.org FEDORA-2008-5239 File : nvt/gb_fedora_2008_5239_openoffice.org_fc7.nasl
2009-02-17	Name : Fedora Update for openoffice.org FEDORA-2008-4104 File : nvt/gb_fedora_2008_4104_openoffice.org_fc7.nasl
2009-01-23	Name : SuSE Update for OpenOffice_org SUSE-SA:2008:023 File : nvt/gb_suse_2008_023.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200805-16 (openoffice openoffice-bin) File : nvt/glsa_200805_16.nasl
2008-04-21	Name : Debian Security Advisory DSA 1547-1 (openoffice.org) File : nvt/deb_1547_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
44472	OpenOffice.org (OOo) OLE Importer DocumentSummaryInformation Stream Handling ...

Snort® IPS/IDS

Date	Description
2014-01-10	Microsoft Office Excel FngGroupCount record overflow attempt RuleID : 27634 - Revision : 2 - Type : FILE-OFFICE
2014-01-10	OpenOffice OLE File Stream Buffer Overflow attempt RuleID : 26453 - Revision : 3 - Type : FILE-OFFICE
2014-01-10	OpenOffice OLE file stream buffer overflow attempt RuleID : 17315 - Revision : 14 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0176.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080417_openoffice_org2_on_SL4_5_and_4_6.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080417_openoffice_org_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080417_openoffice_org_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-095.nasl - Type : ACT_GATHER_INFO
2008-05-20	Name : The remote Fedora host is missing a security update. File : fedora_2008-4104.nasl - Type : ACT_GATHER_INFO
2008-05-16	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200805-16.nasl - Type : ACT_GATHER_INFO
2008-05-09	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-609-1.nasl - Type : ACT_GATHER_INFO
2008-04-25	Name : The remote Fedora host is missing a security update. File : fedora_2008-3251.nasl - Type : ACT_GATHER_INFO
2008-04-22	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0175.nasl - Type : ACT_GATHER_INFO
2008-04-22	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0176.nasl - Type : ACT_GATHER_INFO
2008-04-22	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0175.nasl - Type : ACT_GATHER_INFO
2008-04-22	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0176.nasl - Type : ACT_GATHER_INFO
2008-04-22	Name : The remote openSUSE host is missing a security update. File : suse_OpenOffice_org-5053.nasl - Type : ACT_GATHER_INFO
2008-04-18	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1547.nasl - Type : ACT_GATHER_INFO
2008-04-17	Name : The remote Windows host has a program that is affected by multiple vulnerabil... File : openoffice_240.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	4
CPE ID(s)	44
Saint Exploit(s)	1
osvdb(s)	1
ExploitDB Exploit(s)	1
Openvas Exploit(s)	19
Snort® Rule(s)	3
Nessus® Exploit(s)	16

	Related
9.3	CVE-2008-0320
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)