Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Sun Alert 263508 Security Vulnerability in StarOffice/StarSuite Related to Microsoft Word Document Handling may Lead to Arbitrary Code Execution
Informations
Name SUN-263508 First vendor Publication 2009-09-15
Vendor Sun Last vendor Modification 2009-09-15
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: StarOffice/StarSuite 7 StarOffice/StarSuite 8 StarOffice/StarSuite 9

A security vulnerability in StarOffice/StarSuite, related to Microsoft Word
document handling, may allow a remote unprivileged user to execute arbitrary
code on the system with the privileges of a local user running StarOffice/StarSuite,
if the local user opens a crafted Microsoft Word document provided by the remote user.

Sun acknowledges with thanks, Dyon Balding of Secunia Research
(http://secunia.com/secunia_research/) for bringing this issue
to our attention.

Additional information on this issue can be found at:

CVE-2009-0200 at
http://www.security-database.com/detail.php?cve=CVE-2009-0200

CVE-2009-0201 at
http://www.security-database.com/detail.php?cve=CVE-2009-0201


State: Resolved
First released: 15-Sep-2009
Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-263508-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_263508_security_vulnerability

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-189 Numeric Errors (CWE/SANS Top 25)
50 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10726
 
Oval ID: oval:org.mitre.oval:def:10726
Title: Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing."
Description: Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing."
Family: unix Class: vulnerability
Reference(s): CVE-2009-0201
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10881
 
Oval ID: oval:org.mitre.oval:def:10881
Title: Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.
Description: Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0200
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22001
 
Oval ID: oval:org.mitre.oval:def:22001
Title: ELSA-2009:1426: openoffice.org security update (Important)
Description: Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing."
Family: unix Class: patch
Reference(s): ELSA-2009:1426-01
CVE-2009-0200
CVE-2009-0201
 Version: 13
Platform(s): Oracle Linux 5
 Product(s): openoffice.org
openoffice.org2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29111
 
Oval ID: oval:org.mitre.oval:def:29111
Title: RHSA-2009:1426 -- openoffice.org security update (Important)
Description: Updated openoffice.org packages that correct security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor, and a drawing program. An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parses certain records in Microsoft Word documents. An attacker could create a specially-crafted Microsoft Word document, which once opened by an unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-0200, CVE-2009-0201) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2009:1426
CESA-2009:1426-CentOS 3
CVE-2009-0200
CVE-2009-0201
 Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 3
 Product(s): openoffice.org
openoffice.org2
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 59

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for openoffice.org CESA-2009:1426 centos3 i386
File : nvt/gb_CESA-2009_1426_openoffice.org_centos3_i386.nasl
2011-08-09 Name : CentOS Update for openoffice.org CESA-2009:1426 centos4 i386
File : nvt/gb_CESA-2009_1426_openoffice.org_centos4_i386.nasl
2010-05-28 Name : Mandriva Update for openoffice.org MDVSA-2010:105 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_105.nasl
2010-05-07 Name : Mandriva Update for openoffice.org MDVSA-2010:091 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_091.nasl
2010-03-22 Name : Mandriva Update for lvm2 MDVA-2010:105 (lvm2)
File : nvt/gb_mandriva_MDVA_2010_105.nasl
2010-03-12 Name : Mandriva Update for slib MDVA-2010:091 (slib)
File : nvt/gb_mandriva_MDVA_2010_091.nasl
2010-03-12 Name : Mandriva Update for openoffice.org MDVSA-2010:056 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_056.nasl
2010-02-15 Name : Mandriva Update for samba MDVA-2010:056 (samba)
File : nvt/gb_mandriva_MDVA_2010_056.nasl
2010-02-15 Name : Mandriva Update for openoffice.org MDVSA-2010:035 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_035.nasl
2009-09-21 Name : SuSE Security Summary SUSE-SR:2009:015
File : nvt/suse_sr_2009_015.nasl
2009-09-09 Name : RedHat Security Advisory RHSA-2009:1426
File : nvt/RHSA_2009_1426.nasl
2009-09-09 Name : Fedora Core 10 FEDORA-2009-9256 (openoffice.org)
File : nvt/fcore_2009_9256.nasl
2009-09-09 Name : CentOS Security Advisory CESA-2009:1426 (openoffice.org)
File : nvt/ovcesa2009_1426.nasl
2009-09-08 Name : OpenOffice.org Word Documents Parsing Buffer Overflow Vulnerability (Linux)
File : nvt/gb_openoffice_word_bof_vuln_lin.nasl
2009-09-08 Name : OpenOffice.org Word Documents Parsing Buffer Overflow Vulnerability (Win)
File : nvt/gb_openoffice_word_bof_vuln_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
58211 StarOffice / StarSuite Word Document Table Parsing Heap Overflow
58210 StarOffice / StarSuite Word Document Table Parsing Buffer Overflow
57659 OpenOffice.org (OOo) Word Document Table Parsing Heap Overflow
57658 OpenOffice.org (OOo) Word Document Table Parsing Buffer Overflow

Snort® IPS/IDS

Date Description
2015-07-22 OpenOffice Word document table parsing sprmTDelete heap buffer overflow attempt
RuleID : 34925 - Revision : 2 - Type : FILE-OFFICE
2015-07-22 OpenOffice Word document table parsing sprmTDelete heap buffer overflow attempt
RuleID : 34924 - Revision : 2 - Type : FILE-OFFICE
2014-01-10 OpenOffice Word document table parsing heap buffer overflow attempt
RuleID : 17665 - Revision : 8 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date Description
2014-09-01 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201408-19.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1426.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1426.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090904_openoffice_org_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_OpenOffice_org-6469.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_OpenOffice_org-090828.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-035.nasl - Type : ACT_GATHER_INFO
2010-05-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-105.nasl - Type : ACT_GATHER_INFO
2010-03-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-056.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1880.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_OpenOffice_org-6421.nasl - Type : ACT_GATHER_INFO
2009-10-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-840-1.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_OpenOffice_org-090829.nasl - Type : ACT_GATHER_INFO
2009-09-08 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1426.nasl - Type : ACT_GATHER_INFO
2009-09-08 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_OpenOffice_org-090810.nasl - Type : ACT_GATHER_INFO
2009-09-08 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_OpenOffice_org-math-090810.nasl - Type : ACT_GATHER_INFO
2009-09-04 Name : The remote Fedora host is missing a security update.
File : fedora_2009-9256.nasl - Type : ACT_GATHER_INFO
2009-09-01 Name : The remote Windows host has a program affected by multiple buffer overflows.
File : openoffice_311.nasl - Type : ACT_GATHER_INFO