CVE-2008-0320

OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow

Title source: metasploit

Description

Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/18923

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/openoffice_ole.rb

View Code ZIP pw:eip

References (30)

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-26-231642-1

[Vendor Advisory] http://secunia.com/advisories/29844

[Vendor Advisory] http://secunia.com/advisories/29852

[Vendor Advisory] http://secunia.com/advisories/29864

[Vendor Advisory] http://secunia.com/advisories/29871

[Vendor Advisory] http://secunia.com/advisories/29910

[Vendor Advisory] http://secunia.com/advisories/29913

[Vendor Advisory] http://secunia.com/advisories/29987

[Vendor Advisory] http://secunia.com/advisories/30100

[Vendor Advisory] http://secunia.com/advisories/30179

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2008:090

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2008:095

[Various Sources] http://www.openoffice.org/security/bulletin.html

[Various Sources] http://www.openoffice.org/security/cves/CVE-2007-4770.html

[Various Sources] http://www.openoffice.org/security/cves/CVE-2007-5745.html

[Various Sources] http://www.openoffice.org/security/cves/CVE-2008-0320.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0175.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0176.html

[Vendor Advisory] http://www.ubuntu.com/usn/usn-609-1

[Vendor Advisory] http://www.vupen.com/english/advisories/2008/1253/references

... and 10 more

Scores

EPSS 0.8200

EPSS Percentile 99.2%

Details

CWE

CWE-119

Status published

Products (6)

openoffice/openoffice.org 2.0.3

openoffice/openoffice.org 2.1

openoffice/openoffice.org 2.2

openoffice/openoffice.org 2.2.1

openoffice/openoffice.org 2.3

openoffice/openoffice.org < 2.3.1

Published Apr 17, 2008

Tracked Since Feb 18, 2026