The Free and Open Productivity Suite
Released: Apache OpenOffice 4.1.15


Manipulated WMF files can lead to heap overflows and arbitrary code execution

1. Impact

A security vulnerability with the way OpenOffice 2.x process WMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite. No working exploit is known right now.

2. Affected releases

All versions prior to 2.4.2

3. Symptoms

There are no predictable symptoms that would indicate this issue has occurred

4. Relief/Workaround

There is no workaround. See "Resolution" below.

5. Resolution

This issue is addressed in the following release: 2.4.2

Note: 3.0 is not affected by this vulnerability.

Security Home -> Bulletin -> CVE-2008-2237

6. Comments acknowledges with thanks, an anonymous researcher working with the SureRun Security Team.

Apache Software Foundation

Copyright & License | Privacy | Contact Us | Donate | Thanks

Apache, OpenOffice, and the seagull logo are registered trademarks of The Apache Software Foundation. The Apache feather logo is a trademark of The Apache Software Foundation. Other names appearing on the site may be trademarks of their respective owners.