LibreOffice < 3.4.6 / 3.5.1 XML External Entity RDF Document Handling Information Disclosure

High Nessus Plugin ID 58726


The remote host is running an application affected by a data leakage vulnerability.


The remote host is running a version of LibreOffice < 3.4.6 / 3.5.1 that has flaws in the way certain XML components are processed for external entities in ODF documents. These flaws can be utilized to access and inject the content of local files into an ODF document without a user's knowledge or permission, or inject arbitrary code that would be executed when opened by the user.


Upgrade to LibreOffice 3.4.6 / 3.5.1 or higher.

See Also

Plugin Details

Severity: High

ID: 58726

File Name: libreoffice_351.nasl

Version: $Revision: 1.4 $

Type: local

Agent: windows

Family: Windows

Published: 2012/04/12

Modified: 2014/09/02

Dependencies: 55573

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:libreoffice:libreoffice

Required KB Items: SMB/LibreOffice/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/03/22

Vulnerability Publication Date: 2012/03/22

Reference Information

CVE: CVE-2012-0037

BID: 52681

OSVDB: 80307