CVE-2008-2152 | Vulnerability Database | Aqua Security

Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow.

Affected Software

Name	Vendor	Start Version	End Version
Openoffice.org	Openoffice	2.0 (including)	2.0 (including)
Openoffice.org	Openoffice	2.1 (including)	2.1 (including)
Openoffice.org	Openoffice	2.2 (including)	2.2 (including)
Openoffice.org	Openoffice	2.3 (including)	2.3 (including)
Openoffice.org	Openoffice	2.4 (including)	2.4 (including)
Red Hat Enterprise Linux 3	RedHat	openoffice.org-0:1.1.2-42.2.0.EL3	*
Red Hat Enterprise Linux 4	RedHat	openoffice.org2-1:2.0.4-5.7.0.5.0	*
Red Hat Enterprise Linux 4	RedHat	openoffice.org-0:1.1.5-10.6.0.5.EL4	*
Red Hat Enterprise Linux 5	RedHat	openoffice.org-1:2.3.0-6.5.1.el5_2	*

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714
http://secunia.com/advisories/30599
http://secunia.com/advisories/30633
http://secunia.com/advisories/30634
http://secunia.com/advisories/30635
http://secunia.com/advisories/31029
http://security.gentoo.org/glsa/glsa-200807-05.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-237944-1
http://www.mandriva.com/security/advisories?name=MDVSA-2008:137
http://www.mandriva.com/security/advisories?name=MDVSA-2008:138
http://www.openoffice.org/security/cves/CVE-2008-2152.html
http://www.redhat.com/support/errata/RHSA-2008-0537.html
http://www.redhat.com/support/errata/RHSA-2008-0538.html
http://www.securityfocus.com/bid/29622
http://www.securitytracker.com/id?1020219
http://www.vupen.com/english/advisories/2008/1773
http://www.vupen.com/english/advisories/2008/1804/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42957
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9787
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00385.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00473.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00499.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714
http://secunia.com/advisories/30599
http://secunia.com/advisories/30633
http://secunia.com/advisories/30634
http://secunia.com/advisories/30635
http://secunia.com/advisories/31029
http://security.gentoo.org/glsa/glsa-200807-05.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-237944-1
http://www.mandriva.com/security/advisories?name=MDVSA-2008:137
http://www.mandriva.com/security/advisories?name=MDVSA-2008:138
http://www.openoffice.org/security/cves/CVE-2008-2152.html
http://www.redhat.com/support/errata/RHSA-2008-0537.html
http://www.redhat.com/support/errata/RHSA-2008-0538.html
http://www.securityfocus.com/bid/29622
http://www.securitytracker.com/id?1020219
http://www.vupen.com/english/advisories/2008/1773
http://www.vupen.com/english/advisories/2008/1804/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42957
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9787
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00385.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00473.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00499.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-2152
CWE	https://cwe.mitre.org/data/definitions/189.html