Summary
This host is running OpenOffice, which is prone to multiple remote code execution vulnerabilities.
Impact
Successful exploitation lets attackers cause a denial of service or execute arbitrary code.
Impact Level: Application/System
Solution
Upgrade to OpenOffice.org version 3.2 or later:
http://download.openoffice.org/index.html
Insight
- Processing of GIF files in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx leads to a heap overflow.
- Processing of XPM files in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx leads to an integer overflow.
- Processing of a Microsoft Word document in filter/ww8/ww8par2.cxx leads to an application crash or arbitrary code execution via a crafted sprmTSetBrc table property in the document.
Affected
OpenOffice.org versions prior to 3.2
References
Severity
Classification
- CVE: CVE-2009-2949, CVE-2009-2950, CVE-2009-3301, CVE-2009-3302
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability
- Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Win)
- Adobe Photoshop Multiple Buffer Overflow Vulnerabilities
- Amarok Player Multiple Vulnerabilities
- Citrix Provisioning Services SoapServer Buffer Overflow Vulnerability