Detections
Analytics

Apache OpenOffice < 4.1.15 Multiple Vulnerabilities (macOS)

high Nessus Plugin ID 187658

Language:

Synopsis

The remote Mac OSX host has an application installed that is affected by multiple vulnerabilities.

Description

The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.15. It is, therefore, affected by multiple vulnerabilities as stated in the vendor advisories and release notes.

 - Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of Apache OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. This is a corner case of 2022-47502. (CVE-2023-47804)

 - An attacker can craft an OBD containing a 'database/script' file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. (CVE-2023-1183)

 - In Apache OpenOffice and LibreOffice embedded content will be opened automatically without that a warning is shown. (CVE-2012-5639)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Apache OpenOffice version 4.1.15 or later.

See Also

http://www.nessus.org/u?f8e60620

http://www.nessus.org/u?f8552ad5

http://www.nessus.org/u?18ed09c1

http://www.nessus.org/u?86f9bcc9

Plugin Details

Severity: High

ID: 187658

File Name: macos_openoffice_4115.nasl

Version: 1.2

Type: local

Agent: macosx

Published: 1/5/2024

Updated: 1/9/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2012-5639

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2023-47804

Vulnerability Information

CPE: cpe:/a:apache:openoffice

Required KB Items: installed_sw/OpenOffice

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/22/2023

Vulnerability Publication Date: 3/24/2023

Reference Information

CVE: CVE-2012-5639, CVE-2022-43680, CVE-2023-1183, CVE-2023-47804

IAVA: 2024-A-0001