OpenOffice XML External Entity RDF Document Handling Information Disclosure

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote host is running an application affected by a data leakage
vulnerability.

Description :

The remote host is running a version of OpenOffice.org that has flaws
in the way certain XML components are processed for external entities
in ODF documents. These flaws can be utilized to access and inject the
content of local files into an ODF document without a user's knowledge
or permission, or inject arbitrary code that would be executed when
opened by the user.

See also :

http://www.openoffice.org/security/cves/CVE-2012-0037.html

Solution :

Either upgrade to 340m1(Build:9589) or apply the patch referenced in
the vendor's advisory.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 58727 ()

Bugtraq ID: 52681

CVE ID: CVE-2012-0037

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now