LibreOffice < 5.0.5 Multiple RCE

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote host has an application installed that is affected by
multiple remote code execution vulnerabilities.

Description :

The version of LibreOffice installed on the remote Windows host is
prior to 5.0.5. It is, therefore, affected by multiple
vulnerabilities :

- A remote code execution vulnerability exists due to
improper validation of user-supplied input when handling
LotusWordPro (LWP) documents. A remote attacker can
exploit this, via a crafted LWP document, to corrupt
memory, resulting in a denial of service condition or
the execution of arbitrary code. (CVE-2016-0794)

- A remote code execution vulnerability exists due to
improper validation of user-supplied input when handling
LwpTocSuperLayout records. A remote attacker can exploit
this, via a crafted LwpTocSuperLayout record in a
LotusWordPro (LWP) document, to corrupt memory,
resulting in a denial of service condition or the
execution of arbitrary code. (CVE-2016-0795)

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.

See also :

http://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/
http://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/
http://listarchives.documentfoundation.org/www/announce/msg00258.html

Solution :

Upgrade to LibreOffice version 5.0.5 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 88983 ()

Bugtraq ID: 74334

CVE ID: CVE-2016-0794
CVE-2016-0795

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now