Ubuntu USN-677-2 (OpenOffice) Network Vulnerability

Summary

The remote host is missing an update to OpenOffice announced via advisory USN-677-2. Original advisory details: Multiple memory overflow flaws were discovered in OpenOffice.org's handling of WMF and EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. (CVE-2008-2237, CVE-2008-2238) Dmitry E. Oboukhov discovered that senddoc, as included in OpenOffice.org, created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2008-4937)

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=USN-677-2

Severity

Classification

CVE CVE-2008-2237, CVE-2008-2238, CVE-2008-4937
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for bind9 USN-1518-1
Ubuntu Update for ffmpeg vulnerability USN-630-1
Ubuntu Update for bind9 USN-1566-1
Ubuntu Update for Firefox 3.5 and Xulrunner vulnerabilities USN-921-1
Ubuntu Update for apparmor update USN-1039-1

Take action and discover your vulnerabilities