OpenOffice OLE importer DocumentSummaryInformation buffer overflow

Added: 06/20/2008
CVE: CVE-2008-0320
BID: 28819
OSVDB: 44472

Background

OpenOffice is a free productivity suite for multiple platforms. OpenOffice includes an importer for Microsoft's Object Linking and Embedding (OLE) framework.

Problem

A buffer overflow vulnerability in the OLE importer allows command execution when a user opens a file containing a specially crafted DocumentSummaryInformation stream.

Resolution

Upgrade to OpenOffice 2.4 or higher.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=694
http://www.openoffice.org/security/cves/CVE-2008-0320.html

Limitations

Exploit works on OpenOffice 1.1.5 on Linux and OpenOffice 2.3.0 on Windows and requires a user to open the exploit file.

Due to the nature of the vulnerability, the success of this exploit depends on the system state at the time the exploit is run. On Linux platforms, the exploit cannot succeed if the target's kernel has the exec-shield option enabled.

Platforms

Red Hat Enterprise Linux 4 Update 6
Red Hat Enterprise Linux 4 Update 4
Windows

Back to exploit index