OpenOffice XML External Entity RDF Document Handling Information Disclosure

High Nessus Plugin ID 58727


The remote host is running an application affected by a data leakage vulnerability.


The remote host is running a version of that has flaws in the way certain XML components are processed for external entities in ODF documents. These flaws can be utilized to access and inject the content of local files into an ODF document without a user's knowledge or permission, or inject arbitrary code that would be executed when opened by the user.


Either upgrade to 340m1(Build:9589) or apply the patch referenced in the vendor's advisory.

See Also

Plugin Details

Severity: High

ID: 58727

File Name: openoffice_2012_0037.nasl

Version: $Revision: 1.4 $

Type: local

Agent: windows

Family: Windows

Published: 2012/04/12

Modified: 2015/01/12

Dependencies: 25551, 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/

Required KB Items: SMB/OpenOffice/Build, SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/03/22

Vulnerability Publication Date: 2012/03/22

Reference Information

CVE: CVE-2012-0037

BID: 52681

OSVDB: 80307