Apache OpenOffice < 4.1.3 Multiple Vulnerabilities

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application installed that is affected
by multiple vulnerabilities.

Description :

The version of Apache OpenOffice installed on the remote host is a
version prior to 4.1.3. It is, therefore, affected by the following
vulnerabilities :

- A memory corruption issue exists in the Impress tool due
to improper validation of user-supplied input when
handling elements in invalid presentations. An
unauthenticated, remote attacker can exploit this, via
specially crafted MetaActions in an ODP or OTP file, to
cause a denial of service condition or the execution of
arbitrary code. (CVE-2016-1513)

- A privilege escalation vulnerability exists due to the
use of an unquoted Windows search path. A local attacker
can exploit this to execute arbitrary code with elevated
privileges. (CVE-2016-6803)

- A privilege escalation vulnerability exists due to the
use of a fixed path to load system binaries. A local
attacker can exploit this, via a specially crafted DLL
file in the library path, to inject and execute
arbitrary code with elevated privileges. (CVE-2016-6804)

See also :

https://www.openoffice.org/security/cves/CVE-2016-1513.html
https://www.openoffice.org/security/cves/CVE-2016-6803.html
https://www.openoffice.org/security/cves/CVE-2016-6804.html
https://archive.apache.org/dist/openoffice/4.1.2-patch1/hotfix.html

Solution :

Upgrade to Apache OpenOffice version 4.1.3 or later. Alternatively,
the vendor has released a hotfix for 4.1.2 that resolves
CVE-2016-1513. Note that the hotfix only resolves this one
vulnerability.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 94199 ()

Bugtraq ID: 92079
93774

CVE ID: CVE-2016-1513
CVE-2016-6803
CVE-2016-6804

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now