CVE-2008-0668

Published: 11/02/2008 Updated: 08/03/2011
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric prior to 1.8.1 allows user-assisted remote malicious users to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information.

Vulnerable Product

gnome gnumeric

Vendor Advisories

Thilo Pfennig and Morten Welinder discovered that the XLS spreadsheet handling code in Gnumeric did not correctly calculate needed memory sizes. If a user or automated system were tricked into loading a specially crafted XLS document, a remote attacker could execute arbitrary code with user privileges ...
Thilo Pfennig and Morten Welinder discovered several integer overflow weaknesses in Gnumeric, a GNOME spreadsheet application. These vulnerabilities could result in the execution of arbitrary code through the opening of a maliciously crafted Excel spreadsheet. For the stable distribution (etch), these problems have been fixed in version 163-5+etc ...