KEVIntel
PRO Back to KEVs
9.3
CVSS
High

CVE-2009-0259

PUBLISHED

The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute...

Exploited in the wild Remote
Vendor
OpenOffice.org
Product
OpenOffice
Published
Jan 22, 2009
EPSS

Automate this intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.

CVSS scores

CVSS v2.0 9.3 High

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitation status

Exploited in the wild

Recorded 2009-01-22 23:00:00 UTC · CVE

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CVE First 2009-01-22 23:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel