CVE-2009-3302

CWE-94 — Code Injection7 documents6 sources
Severity
9.3CRITICAL
EPSS
42.8%
top 2.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apache OpenofficeCanonical Ubuntu LinuxDebian Debian Linux
Timeline
PublishedFeb 16
Latest updateMay 2

Description

filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

â–¶NVDapache/openoffice< 3.2.0

Also affects: Debian Linux 4.0, 5.0, Ubuntu Linux 8.04, 8.10, 9.04, 9.10

🔴Vulnerability Details

2
GHSA
GHSA-p5vp-96h6-xqrg: filter/ww8/ww8par2↗2022-05-02
â–¶
CVEList
CVE-2009-3302: filter/ww8/ww8par2↗2010-02-16
â–¶

📋Vendor Advisories

2
Ubuntu
OpenOffice.org vulnerabilities↗2010-02-24
â–¶
Red Hat
OpenOffice.org Word sprmTSetBrc Memory Corruption↗2010-02-12
â–¶

💬Community

2
Bugzilla
CVE-2009-3302 OpenOffice.org Word sprmTSetBrc Memory Corruption↗2009-11-04
â–¶
Bugzilla
CVE-2009-3301 OpenOffice.org Word sprmTDefTable Memory Corruption↗2009-11-04
â–¶
CVE-2009-3302 (CRITICAL CVSS 9.3) | filter/ww8/ww8par2.cxx in OpenOffic | cvebase.io