ID CVE-2009-0200
Summary Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:openoffice:openoffice.org:1.0-ru
  • cpe:2.3:a:openoffice:openoffice.org:1.0.0
  • cpe:2.3:a:openoffice:openoffice.org:1.0.1
  • cpe:2.3:a:openoffice:openoffice.org:1.0.2
  • cpe:2.3:a:openoffice:openoffice.org:1.0.3.1
  • cpe:2.3:a:openoffice:openoffice.org:1.1
  • cpe:2.3:a:openoffice:openoffice.org:1.1:beta
  • cpe:2.3:a:openoffice:openoffice.org:1.1:beta2
  • cpe:2.3:a:openoffice:openoffice.org:1.1:rc1
  • cpe:2.3:a:openoffice:openoffice.org:1.1:rc3
  • cpe:2.3:a:openoffice:openoffice.org:1.1.1
  • cpe:2.3:a:openoffice:openoffice.org:1.1.2
  • cpe:2.3:a:openoffice:openoffice.org:1.1.3
  • cpe:2.3:a:openoffice:openoffice.org:1.1.4
  • cpe:2.3:a:openoffice:openoffice.org:1.1.5
  • cpe:2.3:a:openoffice:openoffice.org:1.9.84
  • cpe:2.3:a:openoffice:openoffice.org:1.9.87
  • cpe:2.3:a:openoffice:openoffice.org:1.9.91
  • cpe:2.3:a:openoffice:openoffice.org:1.9.93
  • cpe:2.3:a:openoffice:openoffice.org:1.9.95
  • cpe:2.3:a:openoffice:openoffice.org:1.9.100
  • cpe:2.3:a:openoffice:openoffice.org:1.9.104
  • cpe:2.3:a:openoffice:openoffice.org:1.9.113
  • cpe:2.3:a:openoffice:openoffice.org:1.9.118
  • cpe:2.3:a:openoffice:openoffice.org:1.9.122
  • cpe:2.3:a:openoffice:openoffice.org:1.9.130
  • cpe:2.3:a:openoffice:openoffice.org:1.9.156
  • cpe:2.3:a:openoffice:openoffice.org:1.9.680
  • cpe:2.3:a:openoffice:openoffice.org:2.0
  • cpe:2.3:a:openoffice:openoffice.org:2.0:beta2
  • cpe:2.3:a:openoffice:openoffice.org:2.0.1
  • cpe:2.3:a:openoffice:openoffice.org:2.0.2
  • cpe:2.3:a:openoffice:openoffice.org:2.0.2:rc1
  • cpe:2.3:a:openoffice:openoffice.org:2.0.2:rc2
  • cpe:2.3:a:openoffice:openoffice.org:2.0.3
  • cpe:2.3:a:openoffice:openoffice.org:2.0.4
  • cpe:2.3:a:openoffice:openoffice.org:2.1
  • cpe:2.3:a:openoffice:openoffice.org:2.1.152
  • cpe:2.3:a:openoffice:openoffice.org:2.1.154
  • cpe:2.3:a:openoffice:openoffice.org:2.2
  • cpe:2.3:a:openoffice:openoffice.org:2.2.1
  • cpe:2.3:a:openoffice:openoffice.org:2.3
  • cpe:2.3:a:openoffice:openoffice.org:2.3.1
  • cpe:2.3:a:openoffice:openoffice.org:2.4
  • cpe:2.3:a:openoffice:openoffice.org:2.4.1
  • cpe:2.3:a:openoffice:openoffice.org:2.4.1:-:64-bit
  • cpe:2.3:a:openoffice:openoffice.org:3.01
  • cpe:2.3:a:openoffice:openoffice.org:605b
  • cpe:2.3:a:openoffice:openoffice.org:609
  • cpe:2.3:a:openoffice:openoffice.org:614
  • cpe:2.3:a:openoffice:openoffice.org:619
  • cpe:2.3:a:openoffice:openoffice.org:627
  • cpe:2.3:a:openoffice:openoffice.org:633
  • cpe:2.3:a:openoffice:openoffice.org:638
  • cpe:2.3:a:openoffice:openoffice.org:638c
  • cpe:2.3:a:openoffice:openoffice.org:641b
  • cpe:2.3:a:openoffice:openoffice.org:641d
  • cpe:2.3:a:openoffice:openoffice.org:643
CVSS
Base: 9.3 (as of 02-09-2009 - 14:00)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-105.NASL
    description This update provides a new OpenOffice.org version 3.1.1. It holds security and bug fixes described as follows : An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow (CVE-2009-0200). A heap-based buffer overflow might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to table parsing (CVE-2009-0201). A heap-based buffer overflow allows remote attackers to execute arbitrary code via a crafted EMF file (CVE-2009-2139). Multiple heap-based buffer overflows allow remote attackers to execute arbitrary code via a crafted EMF+ file (CVE-2009-2140). OpenOffice's xmlsec uses a bundled Libtool which might load .la file in the current working directory allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use --enable-crypto_dl building flag however it does not, although the fix keeps protected against this threat whenever that flag had been enabled (CVE-2009-3736). Additionally this update provides the following bug fixes : OpenOffice.org is not properly configured to use the xdg-email functionality of the FreeDesktop standard (#52195). Template desktop icons are not properly set up then they are not presented under the context menu of applications like Dolphin (#56439). libia_ora-gnome is added as suggest as long as that package is needed for a better look (#57385#c28). It is enabled a fallback logic to properly select an OpenOffice.org style whenever one is set up but that is not installed (#57530#c1, #53284, #45133, #39043) It is enabled the Firefox plugin for viewing OpenOffice.org documents inside browser. Further packages were provided to supply OpenOffice.org 3.1.1 dependencies.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 46699
    published 2010-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46699
    title Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:105)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-056.NASL
    description This update provides the OpenOffice.org 3.0 major version and holds the security fixes for the following issues : An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document leading to a heap-based buffer overflow (CVE-2009-0200). A heap-based buffer overflow might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document related to table parsing. (CVE-2009-0201). Multiple heap-based buffer overflows allow remote attackers to execute arbitrary code via a crafted EMF+ file (CVE-2009-2140). OpenOffice's xmlsec uses a bundled Libtool which might load .la file in the current working directory allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use --enable-crypto_dl building flag however it does not, although the fix keeps protected against this threat whenever that flag had been enabled (CVE-2009-3736). Additional packages are also being provided due to dependencies. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 44996
    published 2010-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44996
    title Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:056)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENOFFICE_ORG-6421.NASL
    description Secunia reported an integer underflow (CVE-2009-0200) and a buffer overflow (CVE-2009-0201) that could be triggered while parsing Word documents.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 41988
    published 2009-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41988
    title openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-6421)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201408-19.NASL
    description The remote host is affected by the vulnerability described in GLSA-201408-19 (OpenOffice, LibreOffice: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted file using OpenOffice, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, execution of arbitrary Python code, authentication bypass, or reading and writing of arbitrary files. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 77467
    published 2014-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77467
    title GLSA-201408-19 : OpenOffice, LibreOffice: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_OPENOFFICE_ORG-090810.NASL
    description This update of OpenOffice.org fixes potential buffer overflow in EMF parser code (CVE-2009-2139, CVE-2009-2140) (Thanks to Petr Mladek). Additionally Secunia reported an integer underflow (CVE-2009-0200) and a buffer overflow (CVE-2009-0201) that could be triggered while parsing Word documents.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40881
    published 2009-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40881
    title openSUSE Security Update : OpenOffice_org (OpenOffice_org-1187)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENOFFICE_ORG-6469.NASL
    description This update of OpenOffice.org fixes potential buffer overflow in EMF parser code (enhwmf.cxx, emfplus.cxx). Additionally Secunia reported an integer underflow (CVE-2009-0200) and a buffer overflow (CVE-2009-0201) that could be triggered while parsing Word documents. Also provides the maintenance update to OpenOffice.org-3.1.1.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 51683
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51683
    title SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 6469)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090904_OPENOFFICE_ORG_ON_SL3_X.NASL
    description CVE-2009-0200 OpenOffice.org Word document Integer Underflow CVE-2009-0201 OpenOffice.org Word document buffer overflow An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parses certain records in Microsoft Word documents. An attacker could create a specially crafted Microsoft Word document, which once opened by an unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-0200, CVE-2009-0201) All running instances of OpenOffice.org applications must be restarted for this update to take effect. Note: The openoffice.org2 update for SL4 has been delayed.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60661
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60661
    title Scientific Linux Security Update : openoffice.org on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_OPENOFFICE_ORG-090829.NASL
    description This update of OpenOffice.org fixes potential buffer overflow in EMF parser code (enhwmf.cxx, emfplus.cxx) (Thanks to Petr Mladek). Additionally Secunia reported an integer underflow (CVE-2009-0200) and a buffer overflow (CVE-2009-0201) that could be triggered while parsing Word documents. Also provides the maintenance update to OpenOffice.org-3.1.1. Details about all upstream changes can be found at http://development.openoffice.org/releases/3.1.1.html
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41361
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41361
    title SuSE 11 Security Update : OpenOffice_org (SAT Patch Number 1258)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-035.NASL
    description This update provides a new OpenOffice.org version 3.1.1. It holds security and bug fixes described as follows : An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow (CVE-2009-0200). A heap-based buffer overflow might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to table parsing (CVE-2009-0201). A heap-based buffer overflow allows remote attackers to execute arbitrary code via a crafted EMF file (CVE-2009-2139). Multiple heap-based buffer overflows allow remote attackers to execute arbitrary code via a crafted EMF+ file (CVE-2009-2140). OpenOffice's xmlsec uses a bundled Libtool which might load .la file in the current working directory allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use --enable-crypto_dl building flag however it does not, although the fix keeps protected against this threat whenever that flag had been enabled (CVE-2009-3736). Further this update provides the following bug fixes : OpenOffice.org is not properly configured to use the xdg-email functionality of the FreeDesktop standard (#52195). As the template desktop icons are not properly set, it's not presented under the context menu of applications like Dolphin (#56439). The Firefox plugin which enables viewing of OpenOffice documents inside the browser was not enabled.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 48172
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48172
    title Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:035)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-840-1.NASL
    description Dyon Balding discovered flaws in the way OpenOffice.org handled tables. If a user were tricked into opening a specially crafted Word document, a remote attacker might be able to execute arbitrary code with user privileges. (CVE-2009-0200, CVE-2009-0201) A memory overflow flaw was discovered in OpenOffice.org's handling of EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. (CVE-2009-2139). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 41969
    published 2009-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41969
    title Ubuntu 8.04 LTS / 8.10 / 9.04 : openoffice.org vulnerabilities (USN-840-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_OPENOFFICE_ORG-MATH-090810.NASL
    description Secunia reported an integer underflow (CVE-2009-0200) and a buffer overflow (CVE-2009-0201) that could be triggered while parsing Word documents.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40883
    published 2009-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40883
    title openSUSE Security Update : OpenOffice_org-math (OpenOffice_org-math-1191)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1426.NASL
    description From Red Hat Security Advisory 2009:1426 : Updated openoffice.org packages that correct security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor, and a drawing program. An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parses certain records in Microsoft Word documents. An attacker could create a specially crafted Microsoft Word document, which once opened by an unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-0200, CVE-2009-0201) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 67919
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67919
    title Oracle Linux 3 / 4 : openoffice.org (ELSA-2009-1426)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1880.NASL
    description Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0200 Dyon Balding of Secunia Research has discovered a vulnerability, which can be exploited by opening a specially crafted Microsoft Word document. When reading a Microsoft Word document, a bug in the parser of sprmTDelete records can result in an integer underflow that may lead to heap-based buffer overflows. Successful exploitation may allow arbitrary code execution in the context of the OpenOffice.org process. - CVE-2009-0201 Dyon Balding of Secunia Research has discovered a vulnerability, which can be exploited by opening a specially crafted Microsoft Word document. When reading a Microsoft Word document, a bug in the parser of sprmTDelete records can result in heap-based buffer overflows. Successful exploitation may allow arbitrary code execution in the context of the OpenOffice.org process. - CVE-2009-2139 A vulnerability has been discovered in the parser of EMF files of OpenOffice/Go-oo 2.x and 3.x that can be triggered by a specially crafted document and lead to the execution of arbitrary commands with the privileges of the user running OpenOffice.org/Go-oo. This vulnerability does not exist in the packages for oldstable, testing and unstable.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44745
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44745
    title Debian DSA-1880-1 : openoffice.org - several vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1426.NASL
    description Updated openoffice.org packages that correct security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor, and a drawing program. An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parses certain records in Microsoft Word documents. An attacker could create a specially crafted Microsoft Word document, which once opened by an unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-0200, CVE-2009-0201) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 63895
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63895
    title RHEL 3 / 4 / 5 : openoffice.org (RHSA-2009:1426)
  • NASL family Windows
    NASL id OPENOFFICE_311.NASL
    description The version of OpenOffice installed on the remote host is earlier than 3.1.1. Such versions are affected by several issues : - Parsing certain records in a document table could lead to heap-based overflows and arbitrary code execution. (CVE-2009-0200) - Parsing certain records in specially crafted files could lead to heap-based overflows and arbitrary code execution. (CVE-2009-0201)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 40826
    published 2009-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40826
    title OpenOffice < 3.1.1 Multiple Buffer Overflows
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1426.NASL
    description Updated openoffice.org packages that correct security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor, and a drawing program. An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parses certain records in Microsoft Word documents. An attacker could create a specially crafted Microsoft Word document, which once opened by an unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-0200, CVE-2009-0201) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 40878
    published 2009-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40878
    title CentOS 3 / 4 : openoffice.org (CESA-2009:1426)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_OPENOFFICE_ORG-090828.NASL
    description This update of OpenOffice.org fixes potential buffer overflow in EMF parser code (enhwmf.cxx, emfplus.cxx) (Thanks to Petr Mladek). Additionally Secunia reported an integer underflow (CVE-2009-0200) and a buffer overflow (CVE-2009-0201) that could be triggered while parsing Word documents. Also provides the maintenance update to OpenOffice.org-3.1.1. Details about all upstream changes can be found at http://development.openoffice.org/releases/3.1.1.html
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 51593
    published 2011-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51593
    title SuSE 11 Security Update : OpenOffice_org (SAT Patch Number 1258)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-9256.NASL
    description CVE-2009-0200/CVE-2009-0201: Harden .doctable insert/delete record import handling. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 40867
    published 2009-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40867
    title Fedora 10 : openoffice.org-3.0.1-15.6.fc10 (2009-9256)
oval via4
accepted 2013-04-29T04:09:36.887-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.
family unix
id oval:org.mitre.oval:def:10881
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.
version 24
redhat via4
rpms
  • openoffice.org-0:1.1.2-44.2.0.EL3
  • openoffice.org-i18n-0:1.1.2-44.2.0.EL3
  • openoffice.org-libs-0:1.1.2-44.2.0.EL3
  • openoffice.org-0:1.1.5-10.6.0.7.EL4.1
  • openoffice.org-i18n-0:1.1.5-10.6.0.7.EL4.1
  • openoffice.org-kde-0:1.1.5-10.6.0.7.EL4.1
  • openoffice.org-libs-0:1.1.5-10.6.0.7.EL4.1
  • openoffice.org2-base-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-calc-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-core-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-draw-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-emailmerge-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-graphicfilter-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-impress-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-javafilter-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-af_ZA-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-ar-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-bg_BG-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-bn-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-ca_ES-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-cs_CZ-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-cy_GB-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-da_DK-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-de-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-el_GR-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-es-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-et_EE-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-eu_ES-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-fi_FI-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-fr-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-ga_IE-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-gl_ES-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-gu_IN-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-he_IL-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-hi_IN-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-hr_HR-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-hu_HU-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-it-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-ja_JP-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-ko_KR-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-lt_LT-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-ms_MY-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-nb_NO-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-nl-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-nn_NO-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-pa_IN-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-pl_PL-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-pt_BR-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-pt_PT-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-ru-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-sk_SK-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-sl_SI-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-sr_CS-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-sv-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-ta_IN-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-th_TH-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-tr_TR-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-zh_CN-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-zh_TW-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-langpack-zu_ZA-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-math-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-pyuno-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-testtools-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-writer-1:2.0.4-5.7.0.6.0.1
  • openoffice.org2-xsltfilter-1:2.0.4-5.7.0.6.0.1
  • openoffice.org-base-1:2.3.0-6.11.el5_4.1
  • openoffice.org-calc-1:2.3.0-6.11.el5_4.1
  • openoffice.org-core-1:2.3.0-6.11.el5_4.1
  • openoffice.org-draw-1:2.3.0-6.11.el5_4.1
  • openoffice.org-emailmerge-1:2.3.0-6.11.el5_4.1
  • openoffice.org-graphicfilter-1:2.3.0-6.11.el5_4.1
  • openoffice.org-headless-1:2.3.0-6.11.el5_4.1
  • openoffice.org-impress-1:2.3.0-6.11.el5_4.1
  • openoffice.org-javafilter-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-af_ZA-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-ar-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-as_IN-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-bg_BG-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-bn-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-ca_ES-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-cs_CZ-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-cy_GB-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-da_DK-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-de-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-el_GR-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-es-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-et_EE-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-eu_ES-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-fi_FI-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-fr-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-ga_IE-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-gl_ES-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-gu_IN-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-he_IL-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-hi_IN-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-hr_HR-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-hu_HU-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-it-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-ja_JP-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-kn_IN-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-ko_KR-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-lt_LT-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-ml_IN-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-mr_IN-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-ms_MY-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-nb_NO-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-nl-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-nn_NO-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-nr_ZA-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-nso_ZA-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-or_IN-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-pa_IN-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-pl_PL-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-pt_BR-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-pt_PT-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-ru-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-sk_SK-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-sl_SI-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-sr_CS-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-ss_ZA-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-st_ZA-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-sv-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-ta_IN-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-te_IN-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-th_TH-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-tn_ZA-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-tr_TR-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-ts_ZA-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-ur-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-ve_ZA-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-xh_ZA-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-zh_CN-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-zh_TW-1:2.3.0-6.11.el5_4.1
  • openoffice.org-langpack-zu_ZA-1:2.3.0-6.11.el5_4.1
  • openoffice.org-math-1:2.3.0-6.11.el5_4.1
  • openoffice.org-pyuno-1:2.3.0-6.11.el5_4.1
  • openoffice.org-sdk-1:2.3.0-6.11.el5_4.1
  • openoffice.org-sdk-doc-1:2.3.0-6.11.el5_4.1
  • openoffice.org-testtools-1:2.3.0-6.11.el5_4.1
  • openoffice.org-writer-1:2.3.0-6.11.el5_4.1
  • openoffice.org-xsltfilter-1:2.3.0-6.11.el5_4.1
refmap via4
bid 36200
bugtraq 20090901 Secunia Research: OpenOffice.org Word Document Table Parsing Integer Underflow
confirm http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html
debian DSA-1880
gentoo GLSA-201408-19
mandriva
  • MDVSA-2010:035
  • MDVSA-2010:091
  • MDVSA-2010:105
misc
secunia
  • 35036
  • 36750
  • 60799
sunalert
  • 1020715
  • 263508
suse SUSE-SR:2009:015
vupen ADV-2009-2490
Last major update 24-10-2014 - 01:33
Published 02-09-2009 - 13:30
Last modified 11-10-2018 - 17:00