icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

OpenOffice < 3.2 Multiple Vulnerabilities

Medium

Synopsis

The remote host has a program that is vulnerable to multiple attack vectors.

Description

The version of OpenOffice installed on the remote host is earlier than 3.2. Such versions are potentially affected by several issues :

- Signatures may not be handled properly due to a vulnerability in the libxml2 library. (CVE-2006-4339)

- There is an HMAC truncation authentication bypass vulnerability in the libxmlsec library. (CVE-2009-0217)

- The application is bundled with a vulnerable version of the Microsoft VC++ runtime. (CVE-2009-2493)

- Specially crafted XPM files are not processed properly, which could lead to arbitrary code execution. (CVE-2009-2949)

- Specially crafted GIF files are not processed properly, which could lead to arbitrary code execution. (CVE-2009-2950)

- Specially crafted Microsoft Word documents are not processed properly, which could lead to arbitrary code execution. (CVE-2009-3301 / CVE-2009-3302)

Solution

Upgrade to OpenOffice version 3.2 or later.