Vulnerability-Lookup

CVE-2009-0200 (GCVE-0-2009-0200)

Vulnerability from cvelistv5 – Published: 2009-09-02 17:00 – Updated: 2024-08-07 04:24

Summary

Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.

Severity ?

No CVSS data available.

CWE

Assigner

flexera

References

URL

Tags

	http://www.openoffice.org/security/cves/CVE-2009-…	x_refsource_CONFIRM
	http://secunia.com/advisories/60799	third-party-advisoryx_refsource_SECUNIA
	http://www.gentoo.org/security/en/glsa/glsa-20140…	vendor-advisoryx_refsource_GENTOO
	http://development.openoffice.org/releases/3.1.1.html	x_refsource_MISC
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/secunia_research/2009-26/	x_refsource_MISC
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.debian.org/security/2009/dsa-1880	vendor-advisoryx_refsource_DEBIAN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/35036	third-party-advisoryx_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://secunia.com/advisories/36750	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/506194/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/36200	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2009/2490	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:24:18.284Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html"
          },
          {
            "name": "60799",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60799"
          },
          {
            "name": "GLSA-201408-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://development.openoffice.org/releases/3.1.1.html"
          },
          {
            "name": "MDVSA-2010:105",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105"
          },
          {
            "name": "MDVSA-2010:091",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-26/"
          },
          {
            "name": "MDVSA-2010:035",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035"
          },
          {
            "name": "1020715",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1"
          },
          {
            "name": "SUSE-SR:2009:015",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
          },
          {
            "name": "DSA-1880",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1880"
          },
          {
            "name": "oval:org.mitre.oval:def:10881",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10881"
          },
          {
            "name": "35036",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35036"
          },
          {
            "name": "263508",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1"
          },
          {
            "name": "36750",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36750"
          },
          {
            "name": "20090901 Secunia Research: OpenOffice.org Word Document Table Parsing Integer Underflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/506194/100/0/threaded"
          },
          {
            "name": "36200",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36200"
          },
          {
            "name": "ADV-2009-2490",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2490"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-09-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html"
        },
        {
          "name": "60799",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60799"
        },
        {
          "name": "GLSA-201408-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://development.openoffice.org/releases/3.1.1.html"
        },
        {
          "name": "MDVSA-2010:105",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105"
        },
        {
          "name": "MDVSA-2010:091",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-26/"
        },
        {
          "name": "MDVSA-2010:035",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035"
        },
        {
          "name": "1020715",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1"
        },
        {
          "name": "SUSE-SR:2009:015",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
        },
        {
          "name": "DSA-1880",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1880"
        },
        {
          "name": "oval:org.mitre.oval:def:10881",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10881"
        },
        {
          "name": "35036",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35036"
        },
        {
          "name": "263508",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1"
        },
        {
          "name": "36750",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36750"
        },
        {
          "name": "20090901 Secunia Research: OpenOffice.org Word Document Table Parsing Integer Underflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/506194/100/0/threaded"
        },
        {
          "name": "36200",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36200"
        },
        {
          "name": "ADV-2009-2490",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2490"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2009-0200",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html",
              "refsource": "CONFIRM",
              "url": "http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html"
            },
            {
              "name": "60799",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60799"
            },
            {
              "name": "GLSA-201408-19",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
            },
            {
              "name": "http://development.openoffice.org/releases/3.1.1.html",
              "refsource": "MISC",
              "url": "http://development.openoffice.org/releases/3.1.1.html"
            },
            {
              "name": "MDVSA-2010:105",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105"
            },
            {
              "name": "MDVSA-2010:091",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-26/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-26/"
            },
            {
              "name": "MDVSA-2010:035",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035"
            },
            {
              "name": "1020715",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1"
            },
            {
              "name": "SUSE-SR:2009:015",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
            },
            {
              "name": "DSA-1880",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1880"
            },
            {
              "name": "oval:org.mitre.oval:def:10881",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10881"
            },
            {
              "name": "35036",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35036"
            },
            {
              "name": "263508",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1"
            },
            {
              "name": "36750",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36750"
            },
            {
              "name": "20090901 Secunia Research: OpenOffice.org Word Document Table Parsing Integer Underflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/506194/100/0/threaded"
            },
            {
              "name": "36200",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36200"
            },
            {
              "name": "ADV-2009-2490",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2490"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2009-0200",
    "datePublished": "2009-09-02T17:00:00.000Z",
    "dateReserved": "2009-01-20T00:00:00.000Z",
    "dateUpdated": "2024-08-07T04:24:18.284Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-VQGR-RW7Q-XXWM

Vulnerability from github – Published: 2022-05-02 03:13 – Updated: 2025-04-09 04:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0200"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-09-02T17:30:00Z",
    "severity": "HIGH"
  },
  "details": "Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.",
  "id": "GHSA-vqgr-rw7q-xxwm",
  "modified": "2025-04-09T04:13:49Z",
  "published": "2022-05-02T03:13:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0200"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10881"
    },
    {
      "type": "WEB",
      "url": "http://development.openoffice.org/releases/3.1.1.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35036"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36750"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60799"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/secunia_research/2009-26"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1880"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105"
    },
    {
      "type": "WEB",
      "url": "http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/506194/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36200"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2490"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-AVI-362

Vulnerability from certfr_avis - Published: 2009-09-01 - Updated: 2009-09-07

Plusieurs vulnérabilités dans OpenOffice.org permettent à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

Deux vulnérabilités ont été découvertes dans l'analyse de certains enregistrements d'OpenOffice.org et permettent à une personne malintentionnée d'exécuter du code arbitraire à distance via un document au format Microsoft Word spécialement construit.

Solution

Se référer à la note de nouvelle version de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

OpenOffice.org versions 3.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Note de nouvelle version OpenOffice.org 3.1.1	None	vendor-advisory
Bulletin de sécurité Debian DSA-1880-1 du 04 septembre 2009 :	-	other
Bulletin de sécurité Fedora FEDORA-2009-9256 du 04 septembre 2009 :	-	other
Bulletin de sécurité RedHat RHSA-2009:1426-01 du 04 septembre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eOpenOffice.org versions 3.x.\u003c/P\u003e",
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans l\u0027analyse de certains\nenregistrements d\u0027OpenOffice.org et permettent \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance via un document\nau format Microsoft Word sp\u00e9cialement construit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer \u00e0 la note de nouvelle version de l\u0027\u00e9diteur pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0201"
    },
    {
      "name": "CVE-2009-0200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0200"
    }
  ],
  "initial_release_date": "2009-09-01T00:00:00",
  "last_revision_date": "2009-09-07T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1880-1 du 04 septembre 2009    :",
      "url": "http://www.us.debian.org/security/2009/dsa-1880"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2009-9256 du 04    septembre 2009 :",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2009-September/msg00077.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2009:1426-01 du 04    septembre 2009 :",
      "url": "http://www.redhat.com/archives/rhsa-announce/2009-September/msg00014.html"
    }
  ],
  "reference": "CERTA-2009-AVI-362",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-09-01T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins Debian, Fedora et RedHat.",
      "revision_date": "2009-09-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans OpenOffice.org permettent \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans OpenOffice.org",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Note de nouvelle version OpenOffice.org 3.1.1",
      "url": "http://development.openoffice.org/releases/3.1.1.html"
    }
  ]
}

CERTA-2009-AVI-399

Vulnerability from certfr_avis - Published: 2009-09-24 - Updated: 2009-09-24

Plusieurs vulnérabilités des suites bureautiques StarOffice et StarSuite ont été publiées. Elles sont exploitables par un utilisateur malveillant pour exécuter du code arbitraire.

Description

Deux vulnérabilités sont présentes dans le traitement des fichiers au format XML, y compris au format ODF. Deux autres vulnérabilités sont présentes dans le traitement des fichiers Microsoft Word. L'exploitation de chacune de ces vulnérabilités, par le biais d'un fichier au format correspondant et spécialement conçu, permet l'exécution de code arbitraire sur le système vulnérable, avec les droits de l'utilisateur qui ouvre le fichier.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

StarOffice et StarSuite, versions 7, 8 et 9.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité Sun Solaris #263508 et #266088	None	vendor-advisory
Bulletin de sécurité Sun Solaris #263508 du 15 septembre 2009 :	-	other
Bulletin de sécurité Sun Solaris #266088 du 18 septembre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cSPAN class=\"textit\"\u003eStarOffice\u003c/SPAN\u003e  et \u003cSPAN class=\"textit\"\u003eStarSuite\u003c/SPAN\u003e, versions 7, 8 et 9.",
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans le traitement des fichiers au\nformat XML, y compris au format ODF. Deux autres vuln\u00e9rabilit\u00e9s sont\npr\u00e9sentes dans le traitement des fichiers Microsoft Word. L\u0027exploitation\nde chacune de ces vuln\u00e9rabilit\u00e9s, par le biais d\u0027un fichier au format\ncorrespondant et sp\u00e9cialement con\u00e7u, permet l\u0027ex\u00e9cution de code\narbitraire sur le syst\u00e8me vuln\u00e9rable, avec les droits de l\u0027utilisateur\nqui ouvre le fichier.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2009-0201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0201"
    },
    {
      "name": "CVE-2009-0200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0200"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    }
  ],
  "initial_release_date": "2009-09-24T00:00:00",
  "last_revision_date": "2009-09-24T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun Solaris #263508 du 15 septembre    2009 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263508-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun Solaris #266088 du 18 septembre    2009 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266088-1"
    }
  ],
  "reference": "CERTA-2009-AVI-399",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-09-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s des suites bureautiques \u003cspan\nclass=\"textit\"\u003eStarOffice\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eStarSuite\u003c/span\u003e ont \u00e9t\u00e9 publi\u00e9es. Elles sont\nexploitables par un utilisateur malveillant pour ex\u00e9cuter du code\narbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de StarOffice et StarSuite",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Sun Solaris #263508 et #266088",
      "url": null
    }
  ]
}

FKIE_CVE-2009-0200

Vulnerability from fkie_nvd - Published: 2009-09-02 17:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
PSIRT-CNA@flexerasoftware.com	http://development.openoffice.org/releases/3.1.1.html
PSIRT-CNA@flexerasoftware.com	http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/35036	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/36750
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/60799
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2009-26/	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1
PSIRT-CNA@flexerasoftware.com	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1
PSIRT-CNA@flexerasoftware.com	http://www.debian.org/security/2009/dsa-1880
PSIRT-CNA@flexerasoftware.com	http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
PSIRT-CNA@flexerasoftware.com	http://www.mandriva.com/security/advisories?name=MDVSA-2010:035
PSIRT-CNA@flexerasoftware.com	http://www.mandriva.com/security/advisories?name=MDVSA-2010:091
PSIRT-CNA@flexerasoftware.com	http://www.mandriva.com/security/advisories?name=MDVSA-2010:105
PSIRT-CNA@flexerasoftware.com	http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/506194/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/bid/36200
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2009/2490	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10881
af854a3a-2127-422b-91ae-364da2661108	http://development.openoffice.org/releases/3.1.1.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35036	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36750
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/60799
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2009-26/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1880
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:035
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:091
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:105
af854a3a-2127-422b-91ae-364da2661108	http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/506194/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36200
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2490	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10881

Impacted products

Vendor	Product	Version
openoffice	openoffice.org	*
openoffice	openoffice.org	1.0-ru
openoffice	openoffice.org	1.0.0
openoffice	openoffice.org	1.0.1
openoffice	openoffice.org	1.0.2
openoffice	openoffice.org	1.0.3.1
openoffice	openoffice.org	1.1
openoffice	openoffice.org	1.1
openoffice	openoffice.org	1.1
openoffice	openoffice.org	1.1
openoffice	openoffice.org	1.1
openoffice	openoffice.org	1.1.1
openoffice	openoffice.org	1.1.2
openoffice	openoffice.org	1.1.3
openoffice	openoffice.org	1.1.4
openoffice	openoffice.org	1.1.5
openoffice	openoffice.org	1.9.84
openoffice	openoffice.org	1.9.87
openoffice	openoffice.org	1.9.91
openoffice	openoffice.org	1.9.93
openoffice	openoffice.org	1.9.95
openoffice	openoffice.org	1.9.100
openoffice	openoffice.org	1.9.104
openoffice	openoffice.org	1.9.113
openoffice	openoffice.org	1.9.118
openoffice	openoffice.org	1.9.122
openoffice	openoffice.org	1.9.130
openoffice	openoffice.org	1.9.156
openoffice	openoffice.org	1.9.680
openoffice	openoffice.org	2.0
openoffice	openoffice.org	2.0
openoffice	openoffice.org	2.0.1
openoffice	openoffice.org	2.0.2
openoffice	openoffice.org	2.0.2
openoffice	openoffice.org	2.0.2
openoffice	openoffice.org	2.0.3
openoffice	openoffice.org	2.0.4
openoffice	openoffice.org	2.1
openoffice	openoffice.org	2.1.152
openoffice	openoffice.org	2.1.154
openoffice	openoffice.org	2.2
openoffice	openoffice.org	2.2.1
openoffice	openoffice.org	2.3
openoffice	openoffice.org	2.3.1
openoffice	openoffice.org	2.4
openoffice	openoffice.org	2.4.1
openoffice	openoffice.org	2.4.1
openoffice	openoffice.org	3.01
openoffice	openoffice.org	605b
openoffice	openoffice.org	609
openoffice	openoffice.org	614
openoffice	openoffice.org	619
openoffice	openoffice.org	627
openoffice	openoffice.org	633
openoffice	openoffice.org	638
openoffice	openoffice.org	638c
openoffice	openoffice.org	641b
openoffice	openoffice.org	641d
openoffice	openoffice.org	643

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CD78E51-0BF4-463C-8A16-C55974B6D419",
              "versionEndIncluding": "3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.0-ru:*:*:*:*:*:*:*",
              "matchCriteriaId": "55E740A1-6BF3-4AAF-904F-96A4EE2C0620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48652F8C-2CC8-4A71-B21D-FA322B443F53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E28599C-D1DD-457E-96AF-148F767BAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3C9680C-1292-441E-BE3F-F2E8DA61EEF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B207A9D-9C22-47FA-AEED-9BEBD399B72B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCBC7AB3-1C64-4EC3-AA05-C75AE3886B63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "F3C12EF2-3946-4468-B3D8-FFFCB3480C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.1:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A7292C24-BEF1-4D3C-872D-E1F0C4D85FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E63C5EC4-C870-4498-99EB-B3498EB76DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "A33E7146-7BB6-4C50-9FC4-2EA1207FAC28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D519A561-5B82-4485-89F5-B448777D4B4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3CA2D68-D190-43B7-93CD-266EEAA9E5CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4A1204A-BA46-46BF-9E1F-BACFA84D3761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "738D5F15-A9D2-4CB3-8D78-685AB805DD7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E697B8A3-447B-4D7B-A02B-191119453CCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.9.84:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BCAC00A-4A0D-4220-8C81-644F5FEE7FD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.9.87:*:*:*:*:*:*:*",
              "matchCriteriaId": "515605F8-168D-4364-B986-06EB751DAEFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.9.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F74D363-A6E4-4913-8966-2DB49D329FB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.9.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "19769E9A-17CE-4D74-B43F-9EB5FF388454",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.9.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "0839CC56-0C66-4143-8B98-38CE94314458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.9.100:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE0C9A7D-CA5D-4D36-9A5D-611ACF78D328",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.9.104:*:*:*:*:*:*:*",
              "matchCriteriaId": "063368CB-679D-408D-BE54-EB7244CBE573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.9.113:*:*:*:*:*:*:*",
              "matchCriteriaId": "59BFADAF-0A5C-40EF-B6F0-716A4937B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.9.118:*:*:*:*:*:*:*",
              "matchCriteriaId": "833EFDA8-165D-4224-9A3A-CD8DE9BDA17B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.9.122:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E3C9B5C-722C-42A0-BFE8-B8575CA01682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.9.130:*:*:*:*:*:*:*",
              "matchCriteriaId": "F93A102A-A73B-4324-A7DD-7E31EC74AE1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.9.156:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B93365-B4F3-407B-8302-C97CF1127201",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:1.9.680:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC39728-FC54-4E12-9BB3-6EBB7228C96C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45DD57AC-8CA4-48DB-90F9-2D7260AB7650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "746D96DA-2292-4264-BCEA-153C3AA8FCDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "24EFAF1D-6A29-4718-A875-7CFC2C9753A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C065AAB-58E3-4312-AD74-A3E103AC73DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.0.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "36C501B2-4947-445E-9AA5-62BD5E642584",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.0.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FEFD553D-2522-4CBA-AAF6-747FEB586212",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9487A325-308D-442A-89A9-E8650925F43F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B493F3-833A-47E9-AB60-BE2D635EF8AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66D86258-594A-4843-9B7E-6C25B3881BC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.1.152:*:*:*:*:*:*:*",
              "matchCriteriaId": "63531F85-93DC-4DC6-ACA7-04A46DDC580F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.1.154:*:*:*:*:*:*:*",
              "matchCriteriaId": "5573DAEB-1D0D-4549-87E4-22EFDD62F6F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84F14135-C9B1-481E-8A2F-5010F8174ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54678E59-299F-4236-86C4-95F5B68C11D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "443F587C-2D08-45F8-80AC-60F288D2556C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC884B82-CEF3-47B7-A578-B502AD52DBF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E51167FA-13DD-46DE-AC16-A2AB2A315110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "437E06E4-019B-4AFF-9D66-AE0A635B9A6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:2.4.1:*:64-bit:*:*:*:*:*",
              "matchCriteriaId": "F8F3702B-7F00-48A2-90A7-7FADF083A523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:3.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "607C9D74-188D-4356-A16D-FAA440A2E951",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:605b:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDC1EEFE-F5FF-42AA-9286-83D61E428733",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:609:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5ADAEDA-5EDC-4A75-9B85-4BF955165E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:614:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA26C74A-C5D0-4D73-ADDE-A3F0B072D3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:619:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB979FC-3722-4E96-AF69-0FECA7D7AB77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:627:*:*:*:*:*:*:*",
              "matchCriteriaId": "21DD2151-F5E2-49D7-80D8-B3967DE1054F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:633:*:*:*:*:*:*:*",
              "matchCriteriaId": "91938F63-3F7C-4CCC-95D5-F4BC5E25555A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:638:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C1AAB61-1476-4058-9268-718D272D8130",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:638c:*:*:*:*:*:*:*",
              "matchCriteriaId": "98C3311B-CFB8-4397-9524-58D81BCBBF7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:641b:*:*:*:*:*:*:*",
              "matchCriteriaId": "B61A6A83-6B46-4BF4-84E5-0E715056A20D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:641d:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D186B89-CA3B-4566-9734-602055BAE5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:643:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C2A53AE-6901-4939-B712-79B17F3C5477",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en en OpenOffice.org (OOo)anteriores v3.1.1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de registros manipulados en la tabla de documentos de un documento Word, desencadenando un desbordamiento basado en pila."
    }
  ],
  "id": "CVE-2009-0200",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-09-02T17:30:00.577",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://development.openoffice.org/releases/3.1.1.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35036"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/36750"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/60799"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-26/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.debian.org/security/2009/dsa-1880"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/506194/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/36200"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2490"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://development.openoffice.org/releases/3.1.1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-26/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/506194/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10881"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2009-0200

Vulnerability from fstec - Published: 02.09.2009

Title

Уязвимость офисного пакета OpenOffice, связанная с целочисленным переполнением через созданные записи в талице документа, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Description

Уязвимость офисного пакета OpenOffice связана с целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании через созданные записи в таблице документа

Severity ?


                    
                      AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vendor

Novell Inc., Red Hat Inc., Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Apache Software Foundation

Software Name

openSUSE, Red Hat Enterprise Linux, Debian GNU/Linux, Astra Linux Common Edition (запись в едином реестре российских программ №4433), Suse Linux Enterprise Desktop, Novell Linux Desktop, SUSE Linux Enterprise SDK, OpenOffice

Software Version

11.0 (openSUSE), 11.1 (openSUSE), 3 (Red Hat Enterprise Linux), 4 (Red Hat Enterprise Linux), 5 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 2.12 «Орёл» (Astra Linux Common Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 11 GA (Suse Linux Enterprise Desktop), 9 (Novell Linux Desktop), 10 SP2 (SUSE Linux Enterprise SDK), 11 GA (SUSE Linux Enterprise SDK), до 2.4.3 (OpenOffice), до 3.1.1 (OpenOffice)

Possible Mitigations

Использование рекомендаций: Для OpenOffice: Обновление программного обеспечения до 2.4 или более поздней версии Для Astra Linux: Обновление программного обеспечения (пакета openoffice) до 2.4 или более поздней версии Для Debian: Обновление программного обеспечения (пакета openoffice) до 2.4 или более поздней версии Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2009-0200 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2009-0200/

Reference

http://www.vupen.com/english/advisories/2009/2490 https://nvd.nist.gov/vuln/detail/CVE-2009-0200 https://security-tracker.debian.org/tracker/CVE-2009-0200 https://access.redhat.com/security/cve/CVE-2009-0200 https://www.suse.com/security/cve/CVE-2009-0200/

CWE

CWE-189

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Apache Software Foundation",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "11.0 (openSUSE), 11.1 (openSUSE), 3 (Red Hat Enterprise Linux), 4 (Red Hat Enterprise Linux), 5 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (Astra Linux Common Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 11 GA (Suse Linux Enterprise Desktop), 9 (Novell Linux Desktop), 10 SP2 (SUSE Linux Enterprise SDK), 11 GA (SUSE Linux Enterprise SDK), \u0434\u043e 2.4.3 (OpenOffice), \u0434\u043e 3.1.1 (OpenOffice)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f OpenOffice:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 2.4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 openoffice) \u0434\u043e 2.4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 openoffice) \u0434\u043e 2.4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2009-0200\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2009-0200/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "02.09.2009",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "29.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.06.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-02823",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2009-0200",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "openSUSE, Red Hat Enterprise Linux, Debian GNU/Linux, Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Suse Linux Enterprise Desktop, Novell Linux Desktop, SUSE Linux Enterprise SDK, OpenOffice",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. openSUSE 11.0 , Novell Inc. openSUSE 11.1 , Red Hat Inc. Red Hat Enterprise Linux 3 , Red Hat Inc. Red Hat Enterprise Linux 4 , Red Hat Inc. Red Hat Enterprise Linux 5 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Novell Inc. Suse Linux Enterprise Desktop 11 GA , Novell Inc. Novell Linux Desktop 9 32-bit, Novell Inc. Novell Linux Desktop 9 64-bit, Novell Inc. SUSE Linux Enterprise SDK 10 SP2 , Novell Inc. SUSE Linux Enterprise SDK 11 GA ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0444\u0438\u0441\u043d\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430 OpenOffice, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0447\u0435\u0440\u0435\u0437 \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u0432 \u0442\u0430\u043b\u0438\u0446\u0435 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0448\u0438\u0431\u043a\u0438, \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u044e\u0449\u0438\u0435 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0447\u0438\u0441\u0435\u043b (CWE-189)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0444\u0438\u0441\u043d\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430 OpenOffice \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u0432 \u0442\u0430\u0431\u043b\u0438\u0446\u0435 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.vupen.com/english/advisories/2009/2490\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-0200\nhttps://security-tracker.debian.org/tracker/CVE-2009-0200\nhttps://access.redhat.com/security/cve/CVE-2009-0200\nhttps://www.suse.com/security/cve/CVE-2009-0200/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-189",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,6)"
}

GSD-2009-0200

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-0200

Aliases

CVE-2009-0200

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0200",
    "description": "Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.",
    "id": "GSD-2009-0200",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-0200.html",
      "https://www.debian.org/security/2009/dsa-1880",
      "https://access.redhat.com/errata/RHSA-2009:1426",
      "https://linux.oracle.com/cve/CVE-2009-0200.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0200"
      ],
      "details": "Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.",
      "id": "GSD-2009-0200",
      "modified": "2023-12-13T01:19:43.832630Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
        "ID": "CVE-2009-0200",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html",
            "refsource": "CONFIRM",
            "url": "http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html"
          },
          {
            "name": "60799",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/60799"
          },
          {
            "name": "GLSA-201408-19",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
          },
          {
            "name": "http://development.openoffice.org/releases/3.1.1.html",
            "refsource": "MISC",
            "url": "http://development.openoffice.org/releases/3.1.1.html"
          },
          {
            "name": "MDVSA-2010:105",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105"
          },
          {
            "name": "MDVSA-2010:091",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091"
          },
          {
            "name": "http://secunia.com/secunia_research/2009-26/",
            "refsource": "MISC",
            "url": "http://secunia.com/secunia_research/2009-26/"
          },
          {
            "name": "MDVSA-2010:035",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035"
          },
          {
            "name": "1020715",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1"
          },
          {
            "name": "SUSE-SR:2009:015",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
          },
          {
            "name": "DSA-1880",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2009/dsa-1880"
          },
          {
            "name": "oval:org.mitre.oval:def:10881",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10881"
          },
          {
            "name": "35036",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35036"
          },
          {
            "name": "263508",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1"
          },
          {
            "name": "36750",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36750"
          },
          {
            "name": "20090901 Secunia Research: OpenOffice.org Word Document Table Parsing Integer Underflow",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/506194/100/0/threaded"
          },
          {
            "name": "36200",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/36200"
          },
          {
            "name": "ADV-2009-2490",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/2490"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:2.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:2.0.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.9.93:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.9.91:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:2.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:2.1.152:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.9.156:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.9.118:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:2.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:2.4.1:*:64-bit:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.9.130:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.9.122:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.9.104:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.9.100:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.9.95:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.1:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:641d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:641b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:605b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:638c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:638:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.0-ru:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.9.113:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.9.680:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:643:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:619:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:614:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:609:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:3.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:2.1.154:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:2.0.2:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:2.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.9.87:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.9.84:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.0.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:1.1:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:633:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:627:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openoffice:openoffice.org:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2009-0200"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36200",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/36200"
            },
            {
              "name": "http://development.openoffice.org/releases/3.1.1.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://development.openoffice.org/releases/3.1.1.html"
            },
            {
              "name": "ADV-2009-2490",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2490"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-26/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/secunia_research/2009-26/"
            },
            {
              "name": "35036",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/35036"
            },
            {
              "name": "DSA-1880",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2009/dsa-1880"
            },
            {
              "name": "SUSE-SR:2009:015",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
            },
            {
              "name": "36750",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36750"
            },
            {
              "name": "263508",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1"
            },
            {
              "name": "MDVSA-2010:035",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035"
            },
            {
              "name": "MDVSA-2010:091",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091"
            },
            {
              "name": "1020715",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1"
            },
            {
              "name": "MDVSA-2010:105",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105"
            },
            {
              "name": "GLSA-201408-19",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
            },
            {
              "name": "http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html"
            },
            {
              "name": "60799",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/60799"
            },
            {
              "name": "oval:org.mitre.oval:def:10881",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10881"
            },
            {
              "name": "20090901 Secunia Research: OpenOffice.org Word Document Table Parsing Integer Underflow",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/506194/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-11T21:00Z",
      "publishedDate": "2009-09-02T17:30Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0200 (GCVE-0-2009-0200)

GHSA-VQGR-RW7Q-XXWM

CERTA-2009-AVI-362

Description

Solution

CERTA-2009-AVI-399

Description

Solution

FKIE_CVE-2009-0200

CVE-2009-0200

GSD-2009-0200

Tags

Sightings

Nomenclature