漏洞信息详情
OpenOffice WMF文件解析堆溢出漏洞
- CNNVD编号:CNNVD-200810-505
- 危害等级: 中危
- CVE编号: CVE-2008-2237
- 漏洞类型: 缓冲区溢出
- 发布时间: 2008-10-30
- 威胁类型: 远程
- 更新时间: 2009-03-03
- 厂 商: openoffice
- 漏洞来源: iDEFENSE
漏洞简介
OpenOffice(OOo)是美国阿帕奇(Apache)软件基金会的一款开源的办公软件套件。该套件包含文本文档、电子表格、演示文稿、绘图、数据库等。
OpenOffice处理WMF文件的方式存在堆溢出漏洞,如果用户受骗打开了恶意的StarOffice/StarSuite文档的话,就可能触发这些溢出,导致以当前用户的权限执行任意指令。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu broffice.org_2.3.0-1ubuntu5.5_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/o/openoffice.org/broff ice.org_2.3.0-1ubuntu5.5_all.deb
Ubuntu libmythes-dev_2.3.0-1ubuntu5.5_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org/libmythes -dev_2.3.0-1ubuntu5.5_powerpc.deb
Ubuntu mozilla-openoffice.org_2.3.0-1ubuntu5.5_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/universe/o/openoffice.org/mozil la-openoffice.org_2.3.0-1ubuntu5.5_powerpc.deb
Ubuntu openoffice.org-base_2.3.0-1ubuntu5.5_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org/openoffic e.org-base_2.3.0-1ubuntu5.5_powerpc.deb
Ubuntu openoffice.org-calc_2.3.0-1ubuntu5.5_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org/openoffic e.org-calc_2.3.0-1ubuntu5.5_powerpc.deb
Ubuntu openoffice.org-common_2.3.0-1ubuntu5.5_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org/openoffic e.org-common_2.3.0-1ubuntu5.5_all.deb
Ubuntu openoffice.org-core_2.3.0-1ubuntu5.5_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org/openoffic e.org-core_2.3.0-1ubuntu5.5_powerpc.deb
Ubuntu openoffice.org-dev-doc_2.3.0-1ubuntu5.5_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org/openoffic e.org-dev-doc_2.3.0-1ubuntu5.5_all.deb
Ubuntu openoffice.org-dev_2.3.0-1ubuntu5.5_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org/openoffic e.org-dev_2.3.0-1ubuntu5.5_powerpc.deb
Ubuntu openoffice.org-draw_2.3.0-1ubuntu5.5_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org/openoffic e.org-draw_2.3.0-1ubuntu5.5_powerpc.deb
Ubuntu openoffice.org-dtd-officedocument1.0_2.3.0-1ubuntu5.5_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/o/openoffice.org/openo ffice.org-dtd-officedocument1.0_2.3.0-1ubuntu5.5_all.deb
Ubuntu openoffice.org-evolution_2.3.0-1ubuntu5.5_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org/openoffic e.org-evolution_2.3.0-1ubuntu5.5_powerpc.deb
Ubuntu openoffice.org-filter-binfilter_2.3.0-1ubuntu5.5_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org/openoffic e.org-filter-binfilter_2.3.0-1ubuntu5.5_powerpc.deb
Ubuntu openoffice.org-filter-mobiledev_2.3.0-1ubuntu5.5_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/o/openoffice.org/openo ffice.org-filter-mobiledev_2.3.0-1ubuntu5.5_all.deb
Ubuntu openoffice.org-gnome_2.3.0-1ubuntu5.5_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org/openoffic e.org-gnome_2.3.0-1ubuntu5.5_powerpc.deb
Ubuntu openoffice.org-gtk_2.3.0-1ubuntu5.5_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org/openoffic e.org-gtk_2.3.0-1ubuntu5.5_powerpc.deb
Ubuntu openoffice.org-headless_2.3.0-1ubuntu5.5_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/universe/o/openoffice.org/openo ffice.org-headless_2.3.0-1ubuntu5.5_powerpc.deb
Ubuntu openoffice.org-impress_2.3.0-1ubuntu5.5_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org/openoffic e.org-impress_2.3.0-1ubuntu5.5_powerpc.deb
Ubuntu openoffice.org-java-common_2.3.0-1ubuntu5.5_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org/openoffic e.org-java-common_2.3.0-1ubuntu5.5_all.deb
Ubuntu openoffice.org-kde_2.3.0-1ubuntu5.5_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org/openoffic e.org-kde_2.3.0-1ubuntu5.5_powerpc.deb
Ubuntu openoffice.org-l10n-en-us_2.3.0-1ubuntu5.5_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org/openoffic e.org-l10n-en-us_2.3.0-1ubuntu5.5_all.deb
Ubuntu openoffice.org-l10n-in_2.3.0-1ubuntu5.5_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org/openoffic e.org-l10n-in_2.3.0-1ubuntu5.5_all.deb
Ubuntu openoffice.org-l10n-za_2.3.0-1ubuntu5.5_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org/openoffic e.org-l10n-za_2.3.0-1ubuntu5.5_all.deb
Ubuntu openoffice.org-math_2.3.0-1ubuntu5.5_powerpc.deb
http://s
参考网址
来源: BID
名称: 31962
链接:http://www.securityfocus.com/bid/31962
来源: www.openoffice.org
链接:http://www.openoffice.org/security/cves/CVE-2008-2237.HTML
来源: DEBIAN
名称: DSA-1661
链接:http://www.debian.org/security/2008/dsa-1661
来源: FEDORA
名称: FEDORA-2008-9333
链接:https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00923.HTML
来源: FEDORA
名称: FEDORA-2008-9313
链接:https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00905.HTML
来源: XF
名称: openoffice-wmf-bo(46165)
链接:http://xforce.iss.net/xforce/xfdb/46165
来源: UBUNTU
名称: USN-677-2
链接:http://www.ubuntu.com/usn/usn-677-2
来源: SECTRACK
名称: 1021120
链接:http://www.securitytracker.com/id?1021120
来源: REDHAT
名称: RHSA-2008:0939
链接:http://www.redhat.com/support/errata/RHSA-2008-0939.HTML
来源: VUPEN
名称: ADV-2008-3103
链接:http://www.frsirt.com/english/advisories/2008/3103
来源: VUPEN
名称: ADV-2008-2947
链接:http://www.frsirt.com/english/advisories/2008/2947
来源: SUNALERT
名称: 242627
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-242627-1
来源: GENTOO
名称: GLSA-200812-13
链接:http://security.gentoo.org/glsa/glsa-200812-13.xml
来源: SECUNIA
名称: 33140
链接:http://secunia.com/advisories/33140
来源: SECUNIA
名称: 32872
链接:http://secunia.com/advisories/32872
来源: SECUNIA
名称: 32676
链接:http://secunia.com/advisories/32676
来源: SECUNIA
名称: 32489
链接:http://secunia.com/advisories/32489
来源: SECUNIA
名称: 32463
链接:http://secunia.com/advisories/32463
来源: SECUNIA
名称: 32461
链接:http://secunia.com/advisories/32461
来源: SECUNIA
名称: 32419
链接:http://secunia.com/advisories/32419
来源: neowiki.neooffice.org
链接:http://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Security_fixes
来源: SUSE
名称: SUSE-SR:2008:026
链接:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.HTML
受影响实体
- Openoffice Openoffice.Org:2.0
- Openoffice Openoffice.Org:2.4.1
- Openoffice Openoffice.Org:2.4
- Openoffice Openoffice.Org:2.3.1
- Openoffice Openoffice.Org:2.4.1:64-Bit
补丁
暂无
评论