J-Security Center

Title: OpenOffice 'rtl_allocateMemory()' Remote Code Execution Vulnerability

Severity: HIGH

Description:

OpenOffice is a suite of office applications for multiple operating platforms.

OpenOffice is prone to a remote code-execution vulnerability because of errors in memory allocation. Specifically, this issue occurs in the 'rtl_allocateMemory()' function from the 'sal/rtl/source/alloc_global.c' source file. An index for memory allocation may be calculated as a negative value or truncated to an inadequate size.

Remote attackers can exploit this issue by enticing victims into opening a maliciously crafted OpenOffice document.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

OpenOffice 2.41 is vulnerable; other versions may also be affected. This issue is limited to builds on 64-bit platforms.
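
The bug class described above (an allocation index that becomes negative or is truncated, and only on 64-bit builds), shown beside a checked version. This is an added illustration, not code from OpenOffice's 'alloc_global.c'; the size-class layout and the names class_index_flawed, class_index_checked and USE_SYSTEM_ALLOC are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical pool layout: 8 size classes of 8 bytes each (1..64 bytes). */
#define CLASS_SHIFT 3
#define CLASS_COUNT 8
#define USE_SYSTEM_ALLOC CLASS_COUNT   /* "not served from a pool" */

/* The truncated case only exists where size_t is wider than int. */
_Static_assert(sizeof(size_t) == 8, "demo assumes a 64-bit build");

/* Flawed: the 64-bit quotient is narrowed to a signed 32-bit index before
 * it is range-checked, and only the upper bound is tested. */
int class_index_flawed(size_t n)
{
    int32_t idx = (int32_t)(uint32_t)((n - 1) >> CLASS_SHIFT);
    return idx < CLASS_COUNT ? idx : USE_SYSTEM_ALLOC;
}

/* Checked: validate the request in size_t first, narrow afterwards. */
int class_index_checked(size_t n)
{
    if (n == 0 || n > ((size_t)CLASS_COUNT << CLASS_SHIFT))
        return USE_SYSTEM_ALLOC;
    return (int)((n - 1) >> CLASS_SHIFT);   /* always 0..CLASS_COUNT-1 */
}

int main(void)
{
    /* Constructed requests: three ordinary sizes, zero, and one above
     * 4 GiB whose quotient has all-zero low 32 bits. */
    size_t reqs[] = { 9, 64, 65, 0, ((size_t)1 << 35) + 8 };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("n=%zu flawed=%d checked=%d\n", reqs[i],
               class_index_flawed(reqs[i]), class_index_checked(reqs[i]));
    return 0;
}
```

In the flawed version a zero-byte request yields a negative index and the request above 4 GiB is mapped to the smallest size class; the checked version sends both to the fallback allocator.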

Affected Products:

  • OpenOffice OpenOffice 2.4
  • OpenOffice OpenOffice 2.4.1
  • RedHat Enterprise Linux Desktop 5 client
  • RedHat Enterprise Linux Desktop Workstation 5 client
  • RedHat Enterprise Linux Optional Productivity Application 5 server

References: