Apache OpenOffice < 4.1.14 Multiple Vulnerabilities (macOS)

high Nessus Plugin ID 173740

Synopsis

The remote Mac OSX host has an application installed that is affected by multiple vulnerabilities.

Description

The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.14. It is, therefore, affected by multiple vulnerabilities:

- libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674)

- Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory. (CVE-2022-38745)

- Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. (CVE-2022-47052)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Apache OpenOffice version 4.1.14 or later.

See Also

http://www.nessus.org/u?f8e60620

http://www.nessus.org/u?f8552ad5

http://www.nessus.org/u?18ed09c1

http://www.nessus.org/u?86f9bcc9

Plugin Details

Severity: High

ID: 173740

File Name: macos_openoffice_4114.nasl

Version: 1.3

Type: local

Agent: macosx

Published: 3/31/2023

Updated: 1/5/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-40674

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:openoffice

Required KB Items: installed_sw/OpenOffice

Exploit Ease: No known exploits are available

Patch Publication Date: 2/27/2023

Vulnerability Publication Date: 2/27/2023

Reference Information

CVE: CVE-2022-38745, CVE-2022-40674, CVE-2022-47502

IAVA: 2023-A-0160-S