CVE-2009-0259
published 2009-01-22CVE-2009-0259: The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a…
PriorityP263critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
7.50%
93.7th percentile
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openoffice | openoffice.org | — | — |
| openoffice | openoffice.org | — | — |
| openoffice | openoffice.org | — | — |
| openoffice | openoffice.org | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Malicious files triggering this vulnerability are crafted Word 97 files with extensions .doc, .wri, or .rtf that cause memory corruption when opened by OpenOffice.org 1.1.2–1.1.5 or Microsoft WordPad's Word 97 Text Converter. ↗
- →This vulnerability was actively exploited in the wild in December 2008; any .doc/.wri/.rtf files received during that period targeting OpenOffice.org 1.1.x or Windows WordPad should be treated as suspicious. ↗
- ·Red Hat assessed this CVE as only causing a crash (DoS) in OpenOffice.org, not arbitrary code execution, and did not treat it as a security vulnerability for their packages. ↗
- ·The vulnerability only affects OpenOffice.org versions 1.1.2 through 1.1.5 (Red Hat Enterprise Linux 3 and 4 packages); it does NOT affect the version shipped with Red Hat Enterprise Linux 5. ↗
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
vendor_redhat9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x8fv-7pqq-qwxw: The Word processor in OpenOffice
ghsa_unreviewed·2022-05-02·CVSS 9.3
CVE-2009-0259 [CRITICAL] GHSA-x8fv-7pqq-qwxw: The Word processor in OpenOffice
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.
VulnCheck
OpenOffice.org 1.1.2 through 1.1.5 Memory Corruption
vulncheck·2009·CVSS 9.3
CVE-2009-0259 [CRITICAL] OpenOffice.org 1.1.2 through 1.1.5 Memory Corruption
OpenOffice.org 1.1.2 through 1.1.5 Memory Corruption
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.
Affected: openoffice openoffice.org
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.openwall.com/lists/oss-security/2009/01/21/9; https://www.cve.org/CVERecord?id=CVE-2009-0259
Red Hat
openoffice.org: text converter memory corruption via a crafted (1) .doc, (2) .wri, or (3) .rtf Word97 file
vendor_redhat·2008-12-09·CVSS 9.3
CVE-2009-0259 [CRITICAL] openoffice.org: text converter memory corruption via a crafted (1) .doc, (2) .wri, or (3) .rtf Word97 file
openoffice.org: text converter memory corruption via a crafted (1) .doc, (2) .wri, or (3) .rtf Word97 file
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.
Statement: This issue can only result in an OpenOffice.org crash, not allowing arbitrary code execution. Red Hat does not consider a crash of a client application such as OpenOffice.org to be a security issue.
No detection rules found.
http://milw0rm.com/sploits/2008-crash.doc.rarhttp://www.openwall.com/lists/oss-security/2009/01/21/9http://www.securityfocus.com/bid/33383https://exchange.xforce.ibmcloud.com/vulnerabilities/48213https://www.exploit-db.com/exploits/6560http://milw0rm.com/sploits/2008-crash.doc.rarhttp://www.openwall.com/lists/oss-security/2009/01/21/9http://www.securityfocus.com/bid/33383https://exchange.xforce.ibmcloud.com/vulnerabilities/48213https://www.exploit-db.com/exploits/6560
2009-01-22
Published
Exploited in the wild