LibreOffice Impress Remote Socket Manager RCE Vulnerability Nov14 (Mac OS X) Network Vulnerability

Summary

This host is installed with LibreOffice and is prone to remote code execution vulnerability.

Impact

Successful exploitation will allow attackers to cause a denial of service (crash) or possibly execute arbitrary code. Impact Level: System/Application

Solution

Upgrade to LibreOffice 4.2.7 or 4.3.3 or later, For updates refer to http://www.libreoffice.org

Insight

Flaw exists due to use-after-free error in the Impress Remote socket manager.

Affected

LibreOffice version 4.x prior to 4.2.7 and 4.3.x prior to 4.3.3 on Mac OS X

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/62132
http://www.osvdb.org/114326
https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-3693

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)
Adobe Air Multiple Vulnerabilities - December12 (Windows)
Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Mac OS X)
Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Windows)
Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Windows)

Take action and discover your vulnerabilities