Summary
The host has OpenOffice installed and is prone to directory traversal vulnerabilities.
Impact
Successful exploitation could allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Impact Level: System/Application
Solution
Upgrade to OpenOffice Version 3.3.0 or later
For updates refer to http://www.openoffice.org/
Insight
The flaw is due to an error in 'soffice', which places a zero-length directory name in the 'LD_LIBRARY_PATH'.
Affected
OpenOffice Version 3.x to 3.2.0 on Windows
References
Severity
Classification
-
CVE CVE-2010-3689 -
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Apple Safari Multiple Memory Corruption Vulnerabilities-03 Aug14 (Mac OS X)
- Adobe Reader Plugin Signature Bypass Vulnerability (Mac OS X)
- AVG Anti-Virus 'hcp://' Protocol Handler Remote Code Execution Vulnerability
- Adobe Reader Multiple Vulnerabilities - Aug07 (Linux)
- Apple Safari Webkit Multiple Vulnerabilities - June13 (Mac OS X)