OpenOffice Senddoc Insecure Temporary File Creation Vulnerability (Win) Network Vulnerability

Summary

The host has OpenOffice installed and is prone to Insecure Temporary File Creation Vulnerability.

Impact

Successful exploitation allows attackers to delete or corrupt sensitive files, which may result in a denial of service condition. Impact Level: Application

Solution

Upgrade OpenOffice higher version. http://download.openoffice.org/index.html

Insight

The flaw exists due to OpenOffice 'senddoc' which creates temporary files in an insecure manner, that allows users to overwrite files via a symlink attack on a /tmp/log.obr.##### temporary file.

Affected

OpenOffice.org 2.4.1 on Windows (Any).

References

http://www.openwall.com/lists/oss-security/2008/10/30/2

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4937
CVSS Base Score: 2.6
AV:L/AC:H/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Firefox Browser designMode Null Pointer Dereference DoS Vulnerability - Win
PHP 'mbstring.func_overload' DoS Vulnerability
Microsoft IIS FTP Server 'ls' Command DOS Vulnerability
Hummingbird Connectivity FTP service XCWD Overflow
Cisco VPN Client for Windows 'StartServiceCtrlDispatche' Local Denial of Service Vulnerability

OpenOffice senddoc Insecure Temporary File Creation Vulnerability (Win)

Take action and discover your vulnerabilities