CVE-2009-0259
published 2009-01-22

Priority: P2 · 63
Severity: critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 7.50% (93.7th percentile)
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.

Affected

4 ranges

Vendor | Product | Version range | Fixed in
openoffice | openoffice.org | |
openoffice | openoffice.org | |
openoffice | openoffice.org | |
openoffice | openoffice.org | |

Detection & IOCs (extracted from sources)

filename: 2008-crash.doc.rar
url: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6560.rar
url: http://milw0rm.com/sploits/2008-crash.doc.rar
  • Malicious files triggering this vulnerability are crafted Word 97 files with extensions .doc, .wri, or .rtf that cause memory corruption when opened by OpenOffice.org 1.1.2–1.1.5 or Microsoft WordPad's Word 97 Text Converter.
  • This vulnerability was actively exploited in the wild in December 2008; any .doc/.wri/.rtf files received during that period targeting OpenOffice.org 1.1.x or Windows WordPad should be treated as suspicious.
  • Red Hat assessed this CVE as only causing a crash (DoS) in OpenOffice.org, not arbitrary code execution, and did not treat it as a security vulnerability for their packages.
  • The vulnerability only affects OpenOffice.org versions 1.1.2 through 1.1.5 (Red Hat Enterprise Linux 3 and 4 packages); it does NOT affect the version shipped with Red Hat Enterprise Linux 5.

CVSS provenance

nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck | 9.3 | CRITICAL
vendor_redhat | 9.3 | CRITICAL