Back to KEVs

CVE-2009-0259

The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute...

Basic Information

CVE State
PUBLISHED
Reserved Date
January 22, 2009
Published Date
January 22, 2009
Last Updated
August 07, 2024
Vendor
OpenOffice.org
Product
OpenOffice
Description
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.

CVSS Scores

CVSS v2.0

9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploit Status

Exploited in the Wild
Yes (2009-01-22 23:00:00 UTC) Source

References

https://www.exploit-db.com/exploits/6560 http://www.securityfocus.com/bid/33383 https://exchange.xforce.ibmcloud.com/vulnerabilities/48213 http://www.openwall.com/lists/oss-security/2009/01/21/9 http://milw0rm.com/sploits/2008-crash.doc.rar

Known Exploited Vulnerability Information

Source Added Date
CVE 2009-01-22 23:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel