CVE-2008-2238Manipulated WMF files can lead to heap overflows and arbitrary code execution
1. ImpactA security vulnerability with the way OpenOffice 2.x process EMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite. No working exploit is known right now. 2. Affected releasesAll versions prior to OpenOffice.org 2.4.2 3. SymptomsThere are no predictable symptoms that would indicate this issue has occurred 4. Relief/WorkaroundThere is no workaround. See "Resolution" below. 5. ResolutionThis issue is addressed in the following release: OpenOffice.org 2.4.2 Note: OpenOffice.org 3.0 is not affected by this vulnerability. Security Home -> Bulletin -> CVE-2008-2238 6. CommentsOpenOffice.org acknowledges with thanks, an anonymous researcher working with the iDefense VCP. |
By any use of this Website, you agree to be bound by these Policies and Terms of Use
CollabNet is a trademark of CollabNet, Inc., Sun, Sun Microsystems, the Sun logo, Java, Solaris, StarOffice are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.