CVE-2009-0200

Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
flexeraCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
openofficeopenoffice.org
𝑥
≤ 3.1
openofficeopenoffice.org
1.0-ru
openofficeopenoffice.org
1.0.0
openofficeopenoffice.org
1.0.1
openofficeopenoffice.org
1.0.2
openofficeopenoffice.org
1.0.3.1
openofficeopenoffice.org
1.1
openofficeopenoffice.org
1.1:beta
openofficeopenoffice.org
1.1:beta2
openofficeopenoffice.org
1.1:rc1
openofficeopenoffice.org
1.1:rc3
openofficeopenoffice.org
1.1.1
openofficeopenoffice.org
1.1.2
openofficeopenoffice.org
1.1.3
openofficeopenoffice.org
1.1.4
openofficeopenoffice.org
1.1.5
openofficeopenoffice.org
1.9.84
openofficeopenoffice.org
1.9.87
openofficeopenoffice.org
1.9.91
openofficeopenoffice.org
1.9.93
openofficeopenoffice.org
1.9.95
openofficeopenoffice.org
1.9.100
openofficeopenoffice.org
1.9.104
openofficeopenoffice.org
1.9.113
openofficeopenoffice.org
1.9.118
openofficeopenoffice.org
1.9.122
openofficeopenoffice.org
1.9.130
openofficeopenoffice.org
1.9.156
openofficeopenoffice.org
1.9.680
openofficeopenoffice.org
2.0
openofficeopenoffice.org
2.0:beta2
openofficeopenoffice.org
2.0.1
openofficeopenoffice.org
2.0.2
openofficeopenoffice.org
2.0.2:rc1
openofficeopenoffice.org
2.0.2:rc2
openofficeopenoffice.org
2.0.3
openofficeopenoffice.org
2.0.4
openofficeopenoffice.org
2.1
openofficeopenoffice.org
2.1.152
openofficeopenoffice.org
2.1.154
openofficeopenoffice.org
2.2
openofficeopenoffice.org
2.2.1
openofficeopenoffice.org
2.3
openofficeopenoffice.org
2.3.1
openofficeopenoffice.org
2.4
openofficeopenoffice.org
2.4.1
openofficeopenoffice.org
2.4.1
openofficeopenoffice.org
3.01
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openoffice.org
jaunty
Fixed 1:3.0.1-9ubuntu3.1
released
intrepid
Fixed 1:2.4.1-11ubuntu2.2
released
hardy
Fixed 1:2.4.1-1ubuntu2.2
released
dapper
ignored
Common Weakness Enumeration
References
http://development.openoffice.org/releases/3.1.1.html
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://secunia.com/advisories/35036
http://secunia.com/advisories/36750
http://secunia.com/advisories/60799
http://secunia.com/secunia_research/2009-26/
http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1
http://www.debian.org/security/2009/dsa-1880
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:035
http://www.mandriva.com/security/advisories?name=MDVSA-2010:091
http://www.mandriva.com/security/advisories?name=MDVSA-2010:105
http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html
http://www.securityfocus.com/archive/1/506194/100/0/threaded
http://www.securityfocus.com/bid/36200
http://www.vupen.com/english/advisories/2009/2490
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10881
http://development.openoffice.org/releases/3.1.1.html
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://secunia.com/advisories/35036
http://secunia.com/advisories/36750
http://secunia.com/advisories/60799
http://secunia.com/secunia_research/2009-26/
http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1
http://www.debian.org/security/2009/dsa-1880
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:035
http://www.mandriva.com/security/advisories?name=MDVSA-2010:091
http://www.mandriva.com/security/advisories?name=MDVSA-2010:105
http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html
http://www.securityfocus.com/archive/1/506194/100/0/threaded
http://www.securityfocus.com/bid/36200
http://www.vupen.com/english/advisories/2009/2490
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10881