What is the severity of CVE-2009-3302?

CVE-2009-3302 is classified as a medium severity vulnerability due to its potential to cause application crashes and execute arbitrary code.

How do I fix CVE-2009-3302?

To fix CVE-2009-3302, update to a version of OpenOffice.org later than 3.2 or apply the appropriate security patches provided by your software vendor.

Which versions of OpenOffice.org are affected by CVE-2009-3302?

CVE-2009-3302 affects all OpenOffice.org versions prior to 3.2, including specific Red Hat and Debian releases noted in the vulnerability report.

What type of vulnerability is CVE-2009-3302?

CVE-2009-3302 is a boundary error flaw that allows denial of service and potentially arbitrary code execution through crafted Word documents.

Can CVE-2009-3302 lead to data breaches?

While CVE-2009-3302 primarily causes denial of service, the ability to execute arbitrary code could potentially lead to data breaches if exploited.

Vulnerability/
CVE-2009-3302

critical

9.3

CWE

94 119

4/11/2009

12/2/2010

16/2/2010

11/4/2025

CVE-2009-3302: Code Injection

First published: Wed Nov 04 2009(Updated: )

filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/openoffice.org2	<1:2.0.4-5.7.0.6.1.el4_8.3	1:2.0.4-5.7.0.6.1.el4_8.3
redhat/openoffice.org	<1:2.3.0-6.11.el5_4.4	1:2.3.0-6.11.el5_4.4
Apache OpenOffice	<3.2.0
Debian Linux	=5.0
Debian Linux	=4.0
Ubuntu	=9.04
Ubuntu	=8.10
Ubuntu	=9.10
Ubuntu	=8.04
	<3.2.0
	=8.04
	=8.10
	=9.04
	=9.10
	=4.0
	=5.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

RHSA-2010:0101

Frequently Asked Questions

What is the severity of CVE-2009-3302?
CVE-2009-3302 is classified as a medium severity vulnerability due to its potential to cause application crashes and execute arbitrary code.
How do I fix CVE-2009-3302?
To fix CVE-2009-3302, update to a version of OpenOffice.org later than 3.2 or apply the appropriate security patches provided by your software vendor.
Which versions of OpenOffice.org are affected by CVE-2009-3302?
CVE-2009-3302 affects all OpenOffice.org versions prior to 3.2, including specific Red Hat and Debian releases noted in the vulnerability report.
What type of vulnerability is CVE-2009-3302?
CVE-2009-3302 is a boundary error flaw that allows denial of service and potentially arbitrary code execution through crafted Word documents.
Can CVE-2009-3302 lead to data breaches?
While CVE-2009-3302 primarily causes denial of service, the ability to execute arbitrary code could potentially lead to data breaches if exploited.

agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2009-3302
agent/severity
agent/references
agent/author
agent/weakness
agent/description
collector/redhat-cve
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
package-manager/redhat
vendor/apache
canonical/apache openoffice
vendor/debian
canonical/debian linux
version/debian linux/5.0
version/debian linux/4.0
vendor/canonical
canonical/ubuntu
version/ubuntu/9.04
version/ubuntu/8.10
version/ubuntu/9.10
version/ubuntu/8.04