Detections
Analytics

Apache OpenOffice < 4.1.3 Multiple Vulnerabilities

high Nessus Plugin ID 94199

Language:

Synopsis

The remote Windows host has an application installed that is affected by multiple vulnerabilities.

Description

The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.3. It is, therefore, affected by the following vulnerabilities :

 - A memory corruption issue exists in the Impress tool due to improper validation of user-supplied input when handling elements in invalid presentations. An unauthenticated, remote attacker can exploit this, via specially crafted MetaActions in an ODP or OTP file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1513)

 - A privilege escalation vulnerability exists due to the use of an unquoted Windows search path. A local attacker can exploit this to execute arbitrary code with elevated privileges. (CVE-2016-6803)

 - A privilege escalation vulnerability exists due to the use of a fixed path to load system binaries. A local attacker can exploit this, via a specially crafted DLL file in the library path, to inject and execute arbitrary code with elevated privileges. (CVE-2016-6804)

Solution

Upgrade to Apache OpenOffice version 4.1.3 or later. Alternatively, the vendor has released a hotfix for 4.1.2 that resolves CVE-2016-1513. Note that the hotfix only resolves this one vulnerability.

See Also

https://www.openoffice.org/security/cves/CVE-2016-1513.html

https://www.openoffice.org/security/cves/CVE-2016-6803.html

https://www.openoffice.org/security/cves/CVE-2016-6804.html

https://archive.apache.org/dist/openoffice/4.1.2-patch1/hotfix.html

Plugin Details

Severity: High

ID: 94199

File Name: openoffice_413.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 10/21/2016

Updated: 11/14/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-6804

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:openoffice

Required KB Items: SMB/Registry/Enumerated, installed_sw/OpenOffice

Exploit Ease: No known exploits are available

Patch Publication Date: 10/11/2016

Vulnerability Publication Date: 7/21/2016

Reference Information

CVE: CVE-2016-1513, CVE-2016-6803, CVE-2016-6804

BID: 92079, 93774