LibreOffice < 3.3.3 / 3.4.0 LWP File Handling Overflow
High Nessus Plugin ID 55574
SynopsisThe remote Windows host has a program affected by a buffer overflow vulnerability.
DescriptionThe version of LibreOffice installed on the remote host is earlier than 3.3.3 / 3.4.0. As such, it is reportedly affected by a stack buffer overflow in the Lotus Word Pro import filter that arises from its failure to properly handle object ids in '.lwp' documents.
If an attacker can trick a user on the affected system into importing a specially crafted .lwp document into the application, he could leverage this issue to execute arbitrary code subject to the user's privileges.
SolutionUpgrade to LibreOffice 3.3.3 / 3.4.0 or later.