LibreOffice < 3.5.7 / 3.6.1 Multiple Denial of Service Vulnerabilities

Medium Nessus Plugin ID 73332


The remote host contains an application that is affected by multiple denial of service vulnerabilities.


A version of LibreOffice prior to 3.5.7 / 3.6.1 is installed on the remote Windows host. It is, therefore, reportedly affected by multiple denial of service vulnerabilities in various import filters:

- Excel (.xls)

- Windows Meta File (.wmf)

- Open Document Format (.odg / .odt)

This could allow a remote attacker with a specially crafted file to crash the application upon loading.

Note that Nessus has not attempted to exploit these issues, but has instead relied only on the self-reported version number.


Upgrade to LibreOffice version 3.5.7 / 3.6.1 or later.

See Also

Plugin Details

Severity: Medium

ID: 73332

File Name: libreoffice_361.nasl

Version: $Revision: 1.1 $

Type: local

Agent: windows

Family: Windows

Published: 2014/04/04

Modified: 2014/04/04

Dependencies: 55573

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:libreoffice:libreoffice

Required KB Items: SMB/LibreOffice/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/10/31

Vulnerability Publication Date: 2012/10/31

Reference Information

CVE: CVE-2012-4233

BID: 56352

OSVDB: 86848, 86849, 86852, 86853