This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
This update provides the OpenOffice.org 3.0 major version and holds
the security fixes for the following issues :
An integer underflow might allow remote attackers to execute arbitrary
code via crafted records in the document table of a Word document
leading to a heap-based buffer overflow (CVE-2009-0200).
An heap-based buffer overflow might allow remote attackers to execute
arbitrary code via unspecified records in a crafted Word document
related to table parsing. (CVE-2009-0201).
Multiple heap-based buffer overflows allow remote attackers to execute
arbitrary code via a crafted EMF+ file (CVE-2009-2140).
OpenOffice's xmlsec uses a bundled Libtool which might load .la file
in the current working directory allowing local users to gain
privileges via a Trojan horse file. For enabling such vulnerability
xmlsec has to use --enable-crypto_dl building flag however it does
not, although the fix keeps protected against this threat whenever
that flag had been enabled (CVE-2009-3736).
Additional packages are also being provided due to dependencies.
Packages for 2008.0 are provided for Corporate Desktop 2008.0
Update the affected packages.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true
Family: Mandriva Local Security Checks
Nessus Plugin ID: 44996 (mandriva_MDVSA-2010-056.nasl)
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now