OpenOffice Senddoc Insecure Temporary File Creation Vulnerability (Win) Network Vulnerability

Summary

The host has OpenOffice installed and is prone to Insecure Temporary File Creation Vulnerability.

Impact

Successful exploitation allows attackers to delete or corrupt sensitive files, which may result in a denial of service condition. Impact Level: Application

Solution

Upgrade OpenOffice higher version. http://download.openoffice.org/index.html

Insight

The flaw exists due to OpenOffice 'senddoc' which creates temporary files in an insecure manner, that allows users to overwrite files via a symlink attack on a /tmp/log.obr.##### temporary file.

Affected

OpenOffice.org 2.4.1 on Windows (Any).

References

http://www.openwall.com/lists/oss-security/2008/10/30/2

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4937

CVSS	Base Score: 2.6 AV:L/AC:H/Au:N/C:N/I:P/A:P

Related Vulnerabilities

PHP 'mbstring.func_overload' DoS Vulnerability
Firefox Browser designMode Null Pointer Dereference DoS Vulnerability - Linux
Wireshark Multiple Denial of Service Vulnerabilities - July 12 (Windows)
Squid Proxy Cache ICAP Adaptation Denial of Service Vulnerability
OpenOffice senddoc Insecure Temporary File Creation Vulnerability (Win)

Take action and discover your vulnerabilities