Signature Detail

HTTP: OpenOffice Word Document Table Parsing Integer Underflow

This signature detects attempts to exploit a known vulnerability in the OpenOffice Word document parsing routine. A successful attack can lead to an integer underflow and arbitrary remote code execution within the context of the client.

Extended Description

OpenOffice is prone to multiple remote heap-based buffer-overflow vulnerabilities because of errors in processing certain files. Remote attackers can exploit these issues by enticing victims into opening maliciously crafted files. Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service. The issues affect OpenOffice 3.1. NOTE: These issues may be related to the issues described in BID 36186 (OpenOffice Prior to 3.1.1 Multiple Unspecified Security Vulnerabilities). We will update this BID when more information becomes available.

Affected Products

• Avaya Interactive Response 3.0
• Avaya Interactive Response 4.0
• Debian Linux 4.0
• Debian Linux 4.0 Alpha
• Debian Linux 4.0 Amd64
• Debian Linux 4.0 Arm
• Debian Linux 4.0 Armel
• Debian Linux 4.0 Hppa
• Debian Linux 4.0 Ia-32
• Debian Linux 4.0 Ia-64
• Debian Linux 4.0 M68k
• Debian Linux 4.0 Mips
• Debian Linux 4.0 Mipsel
• Debian Linux 4.0 Powerpc
• Debian Linux 4.0 S/390
• Debian Linux 4.0 Sparc
• Debian Linux 5.0
• Debian Linux 5.0 Alpha
• Debian Linux 5.0 Amd64
• Debian Linux 5.0 Arm
• Debian Linux 5.0 Armel
• Debian Linux 5.0 Hppa
• Debian Linux 5.0 Ia-32
• Debian Linux 5.0 Ia-64
• Debian Linux 5.0 M68k
• Debian Linux 5.0 Mips
• Debian Linux 5.0 Mipsel
• Debian Linux 5.0 Powerpc
• Debian Linux 5.0 S/390
• Debian Linux 5.0 Sparc
• Mandriva Enterprise Server 5
• Mandriva Enterprise Server 5 X86 64
• Mandriva Linux Mandrake 2008.0
• Mandriva Linux Mandrake 2008.0 X86 64
• Mandriva Linux Mandrake 2009.0
• Mandriva Linux Mandrake 2009.0 X86 64
• Mandriva Linux Mandrake 2009.1
• Mandriva Linux Mandrake 2009.1 X86 64
• OpenOffice 3.1.0
• Red Hat Desktop 3.0.0
• Red Hat Enterprise Linux Desktop Version 4
• Red Hat Enterprise Linux AS 3
• Red Hat Enterprise Linux AS 4
• Red Hat Enterprise Linux Desktop 5 Client
• Red Hat Enterprise Linux Desktop Workstation 5 Client
• Red Hat Enterprise Linux ES 3
• Red Hat Enterprise Linux ES 4
• Red Hat Enterprise Linux Optional Productivity Application 5 Server
• Red Hat Enterprise Linux WS 3
• Red Hat Enterprise Linux WS 4
• Red Hat Fedora 10
• Sun StarOffice 7.0.0
• Sun StarOffice 8.0
• Sun StarOffice 9.0
• Sun StarSuite 7
• Sun StarSuite 8
• Sun StarSuite 9
• SuSE Novell Linux Desktop 9.0.0
• SuSE openSUSE 10.3
• SuSE openSUSE 11.0
• SuSE openSUSE 11.1
• SuSE SUSE Linux Enterprise 10
• SuSE SUSE Linux Enterprise 11
• Ubuntu Ubuntu Linux 8.04 LTS Amd64
• Ubuntu Ubuntu Linux 8.04 LTS I386
• Ubuntu Ubuntu Linux 8.04 LTS Lpia
• Ubuntu Ubuntu Linux 8.04 LTS Powerpc
• Ubuntu Ubuntu Linux 8.04 LTS Sparc
• Ubuntu Ubuntu Linux 8.10 Amd64
• Ubuntu Ubuntu Linux 8.10 I386
• Ubuntu Ubuntu Linux 8.10 Lpia
• Ubuntu Ubuntu Linux 8.10 Powerpc
• Ubuntu Ubuntu Linux 8.10 Sparc
• Ubuntu Ubuntu Linux 9.04 Amd64
• Ubuntu Ubuntu Linux 9.04 I386
• Ubuntu Ubuntu Linux 9.04 Lpia
• Ubuntu Ubuntu Linux 9.04 Powerpc
• Ubuntu Ubuntu Linux 9.04 Sparc

References

• BugTraq: 36200
• CVE: CVE-2009-0200
• CVE: CVE-2009-0201