FreeBSD : openoffice -- arbitrary code execution vulnerabilities (842bafdd-be2f-11dd-a578-0030843d3802)

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The OpenOffice Team reports :

A security vulnerability with the way OpenOffice 2.x process WMF files
may allow a remote unprivileged user who provides a
StarOffice/StarSuite document that is opened by a local user to
execute arbitrary commands on the system with the privileges of the
user running StarOffice/StarSuite. No working exploit is known right
now.

A security vulnerability with the way OpenOffice 2.x process EMF files
may allow a remote unprivileged user who provides a
StarOffice/StarSuite document that is opened by a local user to
execute arbitrary commands on the system with the privileges of the
user running StarOffice/StarSuite. No working exploit is known right
now.

See also :

http://www.openoffice.org/security/cves/CVE-2008-2237.html
http://www.openoffice.org/security/cves/CVE-2008-2238.html
http://www.nessus.org/u?d49b02d1

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 34979 (freebsd_pkg_842bafddbe2f11dda5780030843d3802.nasl)

Bugtraq ID:

CVE ID: CVE-2008-2237
CVE-2008-2238

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now