Summary
OpenOffice is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to cause a denial of service condition or execute arbitrary code.
Impact Level: System/Application
Solution
Upgrade to OpenOffice version 3.4.1 or later.
For updates, refer to http://www.openoffice.org/download/
Insight
- An integer overflow error in the vclmi.dll module when allocating memory for an embedded image object.
- Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality allow an attacker to crash the application via a crafted Open Document Text (.odt) file.
Affected
OpenOffice versions before 3.4.1 on Windows
References
- http://osvdb.org/81988
- http://secunia.com/advisories/46992/
- http://secunia.com/advisories/50438/
- http://securitytracker.com/id?1027068
- http://www.openoffice.org/security/cves/CVE-2012-1149.html
- http://www.openoffice.org/security/cves/CVE-2012-2665.html
- http://www.securitytracker.com/id?1027332
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2012-1149, CVE-2012-2665
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ALLMediaServer Request Handling Stack Buffer Overflow Vulnerability
- Attachmate Reflection FTP Client LIST Command Remote Heap Buffer Overflow Vulnerability
- DATAC RealWin SCADA Server On_FC_CONNECT_FCS_a_FILE Buffer Overflow Vulnerability
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Windows)
- Apple iTunes '.pls' Files Buffer Overflow Vulnerability