LibreOffice < 3.4.6 / 3.5.1 XML External Entity RDF Document Handling Information Disclosure (Mac OS X)
High Nessus Plugin ID 58725
SynopsisThe remote host is running an application affected by a data leakage vulnerability.
DescriptionThe remote host is running a version of LibreOffice < 3.4.6 / 3.5.1 that has flaws in the way certain XML components are processed for external entities in ODF documents. These flaws can be utilized to access and inject the content of local files into an ODF document without a user's knowledge or permission, or inject arbitrary code that would be executed when opened by the user.
SolutionUpgrade to LibreOffice 3.4.6 / 3.5.1 or higher.