Summary
This host is installed with OpenOffice and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to cause a denial of service condition or execute arbitrary code.
Impact Level: System/Application
Solution
Upgrade to OpenOffice version 3.4.1 or later,
For updates refer to http://www.openoffice.org/download/
Insight
- An integer overflow error in the vclmi.dll module when allocating memory for an embedded image object.
- Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality allows attacker to crash the application via crafted Open Document Tex (.odt) file.
Affected
OpenOffice version before 3.4.1 on windows
References
- http://osvdb.org/81988
- http://secunia.com/advisories/46992/
- http://secunia.com/advisories/50438/
- http://securitytracker.com/id?1027068
- http://www.openoffice.org/security/cves/CVE-2012-1149.html
- http://www.openoffice.org/security/cves/CVE-2012-2665.html
- http://www.securitytracker.com/id?1027332
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-1149, CVE-2012-2665 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Cyrus SASL Remote Buffer Overflow Vulnerability
- Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability
- Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Windows)
- Adobe Shockwave Player ActiveX Control BOF Vulnerability
- ActiveFax RAW Server Multiple Buffer Overflow Vulnerabilities