OpenOffice Senddoc Insecure Temporary File Creation Vulnerability (Win) Network Vulnerability

Summary

The host has OpenOffice installed and is prone to Insecure Temporary File Creation Vulnerability.

Impact

Successful exploitation allows attackers to delete or corrupt sensitive files, which may result in a denial of service condition. Impact Level: Application

Solution

Upgrade OpenOffice higher version. http://download.openoffice.org/index.html

Insight

The flaw exists due to OpenOffice 'senddoc' which creates temporary files in an insecure manner, that allows users to overwrite files via a symlink attack on a /tmp/log.obr.##### temporary file.

Affected

OpenOffice.org 2.4.1 on Windows (Any).

References

http://www.openwall.com/lists/oss-security/2008/10/30/2

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4937

CVSS	Base Score: 2.6 AV:L/AC:H/Au:N/C:N/I:P/A:P

Related Vulnerabilities

TYPSoft FTP Server 'APPE' and 'DELE' Commands DOS Vulnerability
Hummingbird Connectivity FTP service XCWD Overflow
Wireshark SMB PIPE Dissector Denial of Service Vulnerability (Windows)
Oracle VM VirtualBox Local Denial of Service Vulnerability-01 Oct2013 (Linux)
Sun VirtualBox or xVM VirtualBox Denial Of Service Vulnerability (Linux)

OpenOffice senddoc Insecure Temporary File Creation Vulnerability (Win)

Take action and discover your vulnerabilities