OpenOffice Senddoc Insecure Temporary File Creation Vulnerability (Win) Network Vulnerability

Summary

The host has OpenOffice installed and is prone to Insecure Temporary File Creation Vulnerability.

Impact

Successful exploitation allows attackers to delete or corrupt sensitive files, which may result in a denial of service condition. Impact Level: Application

Solution

Upgrade OpenOffice higher version. http://download.openoffice.org/index.html

Insight

The flaw exists due to OpenOffice 'senddoc' which creates temporary files in an insecure manner, that allows users to overwrite files via a symlink attack on a /tmp/log.obr.##### temporary file.

Affected

OpenOffice.org 2.4.1 on Windows (Any).

References

http://www.openwall.com/lists/oss-security/2008/10/30/2

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4937

CVSS	Base Score: 2.6 AV:L/AC:H/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Malwarebytes-Anti-Exploit Denial Of Service (Windows)
TYPSoft FTP 1.10
Oracle VM VirtualBox Unspecified Denial of Service Vulnerability (Mac OS X)
Wireshark Multiple Denial of Service Vulnerabilities - July 12 (Windows)
Kingsoft Antivirus 'KisKrnl.sys' Driver Denial of Service Vulnerability

OpenOffice senddoc Insecure Temporary File Creation Vulnerability (Win)

Take action and discover your vulnerabilities