Overview
- Description
- Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-189
Social media
- Hype score
- Not currently trending
Vendor comments
- Red HatRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openoffice:openoffice:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DB4E8C2-D2B5-4130-B2D5-45B9980509C9",
"versionEndIncluding": "2.0.4"
},
{
"criteria": "cpe:2.3:a:sun:staroffice:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA77A764-8311-4108-8155-920EC12AC0F7"
},
{
"criteria": "cpe:2.3:a:sun:staroffice:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ECB60F92-5543-4D1E-8CE1-525D65AECF5E"
},
{
"criteria": "cpe:2.3:a:sun:staroffice:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E7D51979-56BC-46A4-A6FB-45BC56CB6D5B"
}
],
"operator": "OR"
}
]
}
]