Fedora 7 : openoffice.org-2.3.0-6.8.fc7 (2008-4104)

High Nessus Plugin ID 32385


The remote Fedora host is missing a security update.


Following security issues were addressed in this update: # CVE-2007-5745/5747: Manipulated Quattro Pro files can lead to heap overflows and arbitrary code execution # CVE-2007-5746: Manipulated EMF files can lead to heap overflows and arbitrary code execution # CVE-2008-0320: Manipulated OLE files can lead to heap overflows and arbitrary code execution

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected openoffice.org package.

See Also






Plugin Details

Severity: High

ID: 32385

File Name: fedora_2008-4104.nasl

Version: $Revision: 1.20 $

Type: local

Agent: unix

Published: 2008/05/20

Modified: 2018/01/11

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:openoffice.org, cpe:/o:fedoraproject:fedora:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/05/17

Exploitable With

Core Impact

Metasploit (OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow)

Reference Information

CVE: CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320

BID: 28819

FEDORA: 2008-4104

CWE: 119, 189