LibreOffice Impress Remote Socket Manager RCE Vulnerability Nov14 (Windows) Network Vulnerability

Summary

This host is installed with LibreOffice and is prone to remote code execution vulnerability.

Impact

Successful exploitation will allow attackers to cause a denial of service (crash) or possibly execute arbitrary code. Impact Level: System/Application

Solution

Upgrade to LibreOffice 4.2.7 or 4.3.3 or later, For updates refer to http://www.libreoffice.org

Insight

Flaw exists due to use-after-free error in the Impress Remote socket manager.

Affected

LibreOffice version 4.x prior to 4.2.7 and 4.3.x prior to 4.3.3 on Windows

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/62132
http://www.osvdb.org/114326
https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-3693

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
Adobe AIR Multiple Vulnerabilities-01 Jun14 (Mac OS X)
Adobe Acrobat Multiple Unspecified Vulnerabilities - Windows
Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)
Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Windows)

Take action and discover your vulnerabilities