Mandriva Linux Security Advisory : openoffice.org (MDVSA-2008:095)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

A vulnerability in HSQLDB before 1.8.0.9 in OpenOffice.org could allow
user-assisted remote attackers to execute arbitrary Java code via
crafted database documents (CVE-2007-4575).

A heap overflow was discovered in OpenOffice.org's EMF parser. An
attacker could create a carefully crafted EMF file that could cause
OpenOffice.org to crash or potentially execute arbitrary code if the
malicious EMF image was added to a document or if a document
containing such an EMF file was opened (CVE-2007-5746).

Multiple heap overflows and an integer underflow were discovered in
the Quattro Pro(R) import filter. An attacker could create a carefully
crafted Quattro Pro file that could cause OpenOffice.org to crash or
potentially execute arbitrary code (CVE-2007-5745, CVE-2007-5747).

A heap overflow was discovered in the OLE Structured Storage file
parser, a format used by Microsoft Office documents. An attacker could
create a carefully crafted OLE file that could cause OpenOffice.org to
crash or potentially execute arbitrary code (CVE-2008-0320).

The updated packages have been patched to correct these issues.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 37969 (mandriva_MDVSA-2008-095.nasl)

Bugtraq ID:

CVE ID: CVE-2007-4575
CVE-2007-5745
CVE-2007-5746
CVE-2007-5747
CVE-2008-0320
