Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2008-3437

Опубликовано: 01 авг. 2008
Источник: nvd
CVSS2: 7.5
EPSS Низкий

Описание

OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openoffice:openoffice.org:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice.org:2.0:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice.org:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice.org:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice.org:2.0.4:*:*:*:*:*:*:*

EPSS

Процентиль: 73%
0.00779
Низкий

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

ubuntu логотип

CVE-2008-3437

ubuntu
больше 17 лет назад

OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

debian логотип

CVE-2008-3437

debian
больше 17 лет назад

OpenOffice.org (OOo) before 2.1.0 does not properly verify the authent ...

github логотип

GHSA-3g32-62rm-7wvw

github
почти 4 года назад

OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

EPSS

Процентиль: 73%
0.00779
Низкий

7.5 High

CVSS2

Дефекты

CWE-94