OpenOffice OLE importer DocumentSummaryInformation buffer overflow

Added: 06/20/2008
CVE: CVE-2008-0320
BID: 28819
OSVDB: 44472


OpenOffice is a free productivity suite for multiple platforms. OpenOffice includes an importer for Microsoft's Object Linking and Embedding (OLE) framework.


A buffer overflow vulnerability in the OLE importer allows command execution when a user opens a file containing a specially crafted DocumentSummaryInformation stream.


Upgrade to OpenOffice 2.4 or higher.



Exploit works on OpenOffice 1.1.5 on Linux and OpenOffice 2.3.0 on Windows and requires a user to open the exploit file.

Due to the nature of the vulnerability, the success of this exploit depends on the system state at the time the exploit is run. On Linux platforms, the exploit cannot succeed if the target's kernel has the exec-shield option enabled.


Red Hat Enterprise Linux 4 Update 6
Red Hat Enterprise Linux 4 Update 4

Back to exploit index