HTTP: OpenOffice EMF File EMR Record Parsing Integer Overflow
This signature detects attempts to exploit a known vulnerability in the OpenOffice EMF File EMR Record. A successful attack can lead to arbitrary code execution.
Extended Description
OpenOffice is prone to multiple remote heap-based buffer-overflow vulnerabilities because of errors in processing certain files. Remote attackers can exploit these issues by enticing victims into opening maliciously crafted EMF or WMF files. Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service. The issues affect OpenOffice 2 prior to 2.4.2.
Affected Products
Planamesa neooffice,Red_hat fedora
Short Name
HTTP:STC:DL:EMF-EMR-INT
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2008-2238 EMF EMR File Integer OpenOffice Overflow Parsing Record bid:31962
Release Date
10/18/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3733
False Positive
Unknown
Vendors
Red_hat
Suse
Planamesa
Gentoo
Sun
Openoffice
Pardus
Ubuntu
Mandriva
Debian
CVSS Score
9.3