Apache OpenOffice < 4.0 Multiple Memory Corruption Vulnerabilities

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a program affected by multiple memory
corruption vulnerabilities.

Description :

The version of Apache OpenOffice installed on the remote host is prior
to 4.0. It is, therefore, affected by memory corruption
vulnerabilities related to the handling of PLCF (Plex of Character
Positions in File) data and unknown XML elements in OOXML files. This
can lead to application crashes and, potentially, other unspecified
impacts.

See also :

http://www.openoffice.org/security/cves/CVE-2013-2189.html
http://www.openoffice.org/security/cves/CVE-2013-4156.html
https://blogs.apache.org/OOo/entry/a_short_celebration_and_then

Solution :

Upgrade to Apache OpenOffice version 4.0 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 69185 ()

Bugtraq ID: 61465
61468

CVE ID: CVE-2013-2189
CVE-2013-4156

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now