CVE-2009-2139

Currently unrated

Key Information:

Vendor: Oracle
Status: Openoffice.org
Vendor: CVE Published:; 8 September 2009

Summary

Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238.

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://cgit.freedesktop.org/ooo-build/ooo-build/commit/?i...

x_refsource_CONFIRM

EPSS Score

32% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 8, 2009
Vulnerability Reserved
Jun 20, 2009