cvelistv5 - cve-2008-2152

CVE-2008-2152 (GCVE-0-2008-2152)

Vulnerability from cvelistv5

Published

2008-06-10 18:00

Modified

2024-08-07 08:49

Severity ?

CWE

Summary

Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow.

References

URL

Tags

	http://secunia.com/advisories/30635	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2008-0537.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/30633	third-party-advisory, x_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-237944-1	vendor-advisory, x_refsource_SUNALERT
	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00385.html	vendor-advisory, x_refsource_FEDORA
	http://www.securitytracker.com/id?1020219	vdb-entry, x_refsource_SECTRACK
	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00499.html	vendor-advisory, x_refsource_FEDORA
	http://security.gentoo.org/glsa/glsa-200807-05.xml	vendor-advisory, x_refsource_GENTOO
	http://www.vupen.com/english/advisories/2008/1804/references	vdb-entry, x_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9787	vdb-entry, signature, x_refsource_OVAL
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:138	vendor-advisory, x_refsource_MANDRIVA
	http://www.openoffice.org/security/cves/CVE-2008-2152.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2008-0538.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/30634	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/30599	third-party-advisory, x_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00473.html	vendor-advisory, x_refsource_FEDORA
	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714	third-party-advisory, x_refsource_IDEFENSE
	https://exchange.xforce.ibmcloud.com/vulnerabilities/42957	vdb-entry, x_refsource_XF
	http://www.vupen.com/english/advisories/2008/1773	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/bid/29622	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/31029	third-party-advisory, x_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:137	vendor-advisory, x_refsource_MANDRIVA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:49:58.488Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "30635",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30635"
          },
          {
            "name": "RHSA-2008:0537",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0537.html"
          },
          {
            "name": "30633",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30633"
          },
          {
            "name": "237944",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237944-1"
          },
          {
            "name": "FEDORA-2008-5143",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00385.html"
          },
          {
            "name": "1020219",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020219"
          },
          {
            "name": "FEDORA-2008-5247",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00499.html"
          },
          {
            "name": "GLSA-200807-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200807-05.xml"
          },
          {
            "name": "ADV-2008-1804",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1804/references"
          },
          {
            "name": "oval:org.mitre.oval:def:9787",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9787"
          },
          {
            "name": "MDVSA-2008:138",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:138"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openoffice.org/security/cves/CVE-2008-2152.html"
          },
          {
            "name": "RHSA-2008:0538",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0538.html"
          },
          {
            "name": "30634",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30634"
          },
          {
            "name": "30599",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30599"
          },
          {
            "name": "FEDORA-2008-5239",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00473.html"
          },
          {
            "name": "20080610 Multiple Vendor OpenOffice rtl_allocateMemory() Integer Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714"
          },
          {
            "name": "openoffice-rtlallocatememory-bo(42957)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42957"
          },
          {
            "name": "ADV-2008-1773",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1773"
          },
          {
            "name": "29622",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29622"
          },
          {
            "name": "31029",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31029"
          },
          {
            "name": "MDVSA-2008:137",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:137"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "30635",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30635"
        },
        {
          "name": "RHSA-2008:0537",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0537.html"
        },
        {
          "name": "30633",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30633"
        },
        {
          "name": "237944",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237944-1"
        },
        {
          "name": "FEDORA-2008-5143",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00385.html"
        },
        {
          "name": "1020219",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020219"
        },
        {
          "name": "FEDORA-2008-5247",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00499.html"
        },
        {
          "name": "GLSA-200807-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200807-05.xml"
        },
        {
          "name": "ADV-2008-1804",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1804/references"
        },
        {
          "name": "oval:org.mitre.oval:def:9787",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9787"
        },
        {
          "name": "MDVSA-2008:138",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:138"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openoffice.org/security/cves/CVE-2008-2152.html"
        },
        {
          "name": "RHSA-2008:0538",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0538.html"
        },
        {
          "name": "30634",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30634"
        },
        {
          "name": "30599",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30599"
        },
        {
          "name": "FEDORA-2008-5239",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00473.html"
        },
        {
          "name": "20080610 Multiple Vendor OpenOffice rtl_allocateMemory() Integer Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714"
        },
        {
          "name": "openoffice-rtlallocatememory-bo(42957)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42957"
        },
        {
          "name": "ADV-2008-1773",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1773"
        },
        {
          "name": "29622",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29622"
        },
        {
          "name": "31029",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31029"
        },
        {
          "name": "MDVSA-2008:137",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:137"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2152",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30635",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30635"
            },
            {
              "name": "RHSA-2008:0537",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0537.html"
            },
            {
              "name": "30633",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30633"
            },
            {
              "name": "237944",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237944-1"
            },
            {
              "name": "FEDORA-2008-5143",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00385.html"
            },
            {
              "name": "1020219",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020219"
            },
            {
              "name": "FEDORA-2008-5247",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00499.html"
            },
            {
              "name": "GLSA-200807-05",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200807-05.xml"
            },
            {
              "name": "ADV-2008-1804",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1804/references"
            },
            {
              "name": "oval:org.mitre.oval:def:9787",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9787"
            },
            {
              "name": "MDVSA-2008:138",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:138"
            },
            {
              "name": "http://www.openoffice.org/security/cves/CVE-2008-2152.html",
              "refsource": "CONFIRM",
              "url": "http://www.openoffice.org/security/cves/CVE-2008-2152.html"
            },
            {
              "name": "RHSA-2008:0538",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0538.html"
            },
            {
              "name": "30634",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30634"
            },
            {
              "name": "30599",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30599"
            },
            {
              "name": "FEDORA-2008-5239",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00473.html"
            },
            {
              "name": "20080610 Multiple Vendor OpenOffice rtl_allocateMemory() Integer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714"
            },
            {
              "name": "openoffice-rtlallocatememory-bo(42957)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42957"
            },
            {
              "name": "ADV-2008-1773",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1773"
            },
            {
              "name": "29622",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29622"
            },
            {
              "name": "31029",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31029"
            },
            {
              "name": "MDVSA-2008:137",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:137"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2152",
    "datePublished": "2008-06-10T18:00:00.000Z",
    "dateReserved": "2008-05-12T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:49:58.488Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-300

Vulnerability from certfr_avis

Une vulnérabilité dans OpenOffice.org permet l'exécution de code arbitraire à distance.

Description

Une vulnérabilité a été découverte dans la fonction d'allocation de la mémoire utilisée par OpenOffice.org. Un utilisateur malintentionné peut, par le biais d'un document OpenOffice.org spécifiquement constitué, exécuter du code arbitraire à distance.

Solution

Mettre OpenOffice.org à jour en version 2.4.1 (cf. section Documentation).

OpenOffice.org de la version 2.0 à la version 2.4.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité OpenOffice.org CVE-2008-2152	None	vendor-advisory
Téléchargement de la dernière version d'OpenOffice.org :	-	other
Bulletin de sécurité Red Hat RHSA-2008:0538-7 du 12 juin 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003e\u003cSPAN class=\"textit\"\u003eOpenOffice.org\u003c/SPAN\u003e de la version 2.0 \u00e0  la version 2.4.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans la fonction d\u0027allocation de la\nm\u00e9moire utilis\u00e9e par OpenOffice.org. Un utilisateur malintentionn\u00e9 peut,\npar le biais d\u0027un document OpenOffice.org sp\u00e9cifiquement constitu\u00e9,\nex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nMettre OpenOffice.org \u00e0 jour en version 2.4.1 (cf. section\nDocumentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2152"
    }
  ],
  "initial_release_date": "2008-06-10T00:00:00",
  "last_revision_date": "2008-06-25T00:00:00",
  "links": [
    {
      "title": "T\u00e9l\u00e9chargement de la derni\u00e8re version d\u0027OpenOffice.org :",
      "url": "http://download.openoffice.org/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2008:0538-7 du 12 juin    2008 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0538.html"
    }
  ],
  "reference": "CERTA-2008-AVI-300",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-06-10T00:00:00.000000"
    },
    {
      "description": "remplacement de OpenOffice par OpenOffice.org.",
      "revision_date": "2008-06-11T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Red Hat.",
      "revision_date": "2008-06-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans \u003cspan class=\"textit\"\u003eOpenOffice.org\u003c/span\u003e permet\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans OpenOffice.org",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenOffice.org CVE-2008-2152",
      "url": "http://www.openoffice.org/security/cves/CVE-2008-2152.html"
    }
  ]
}

CERTA-2008-AVI-315

Vulnerability from certfr_avis

Une vulnérabilité dans StarOffice et StarSuite permet à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

Une vulnérabilité de type débordement de mémoire a été identifiée dans Sun StarOffice et StarSuite. Une personne malintentionnée pourrait ainsi exécuter du code arbitraire en incitant une personne à ouvrir un document spécialement construit. Cette vulnérabilité est la même que celle détaillée dans l'avis CERTA-2008-AVI-300 concernant OpenOffice.org.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

StarOffice 8.x et StarSuite 8.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Alerte de sécurité Sun #237944 du 11 juin 2008	None	vendor-advisory
Document du CERTA CERTA-2008-AVI-300 du 10 juin 2008 :	-	other
Bulletin de sécurité Sun Solaris #237944 du 11 juin 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eStarOffice 8.x et StarSuite 8.x.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire a \u00e9t\u00e9 identifi\u00e9e dans\nSun StarOffice et StarSuite. Une personne malintentionn\u00e9e pourrait ainsi\nex\u00e9cuter du code arbitraire en incitant une personne \u00e0 ouvrir un\ndocument sp\u00e9cialement construit. Cette vuln\u00e9rabilit\u00e9 est la m\u00eame que\ncelle d\u00e9taill\u00e9e dans l\u0027avis CERTA-2008-AVI-300 concernant\nOpenOffice.org.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2152"
    }
  ],
  "initial_release_date": "2008-06-13T00:00:00",
  "last_revision_date": "2008-06-13T00:00:00",
  "links": [
    {
      "title": "Document du CERTA CERTA-2008-AVI-300 du 10 juin 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-300/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun Solaris #237944 du 11 juin 2008 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-237944-1"
    }
  ],
  "reference": "CERTA-2008-AVI-315",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans \u003cspan class=\"textit\"\u003eStarOffice\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eStarSuite\u003c/span\u003e permet \u00e0 une personne malintentionn\u00e9e\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Sun StarOffice et StarSuite",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Alerte de s\u00e9curit\u00e9 Sun #237944 du 11 juin 2008",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-2152 (GCVE-0-2008-2152)

Vulnerability from cvelistv5

CERTA-2008-AVI-300

Vulnerability from certfr_avis

Description

Solution

CERTA-2008-AVI-315

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature