LibreOffice < 4.2.8 / 4.3.5 RTF File Handling Code Execution

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains an application that is affected by an invalid
memory write vulnerability.

Description :

The version of LibreOffice installed on the remote Windows host is
prior to 4.2.7 or 4.3.x prior to 4.3.5. It is, therefore, affected by
an invalid memory write vulnerability. An attacker, using a specially
crafted Rich Text Format (RTF) file, can exploit this to cause a
denial of service or possibly execute arbitrary code.

Note that Nessus has not attempted to exploit this issue but has
instead relied only on the application's self-reported version number.

See also :

https://bugs.freedesktop.org/show_bug.cgi?id=86449

Solution :

Upgrade to LibreOffice version 4.2.8 (4.2.8.2), 4.3.5 (4.3.5.2) or
later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 80832 ()

Bugtraq ID: 71313

CVE ID: CVE-2014-9093

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now