Detections
Analytics

Apache OpenOffice < 4.1.1 Multiple Vulnerabilities

high Nessus Plugin ID 77408

Language:

Synopsis

The remote Windows host has an application installed that is affected by multiple vulnerabilities.

Description

The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.1. It is, therefore, affected by the following vulnerabilities :

 - An unspecified flaw allows remote attackers to execute arbitrary commands via a specially crafted Calc spreadsheet. (CVE-2014-3524)

 - A flaw in the OLE preview generation allows a remote attacker to embed arbitrary data into documents via specially crafted OLE objects. (CVE-2014-3575)

Solution

Upgrade to Apache OpenOffice version 4.1.1 or later.

See Also

https://www.openoffice.org/security/cves/CVE-2014-3524.html

https://www.openoffice.org/security/cves/CVE-2014-3575.html

Plugin Details

Severity: High

ID: 77408

File Name: openoffice_411.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 8/27/2014

Updated: 7/16/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:apache:openoffice

Required KB Items: SMB/OpenOffice/Build

Exploit Ease: No known exploits are available

Patch Publication Date: 8/21/2014

Vulnerability Publication Date: 8/21/2014

Reference Information

CVE: CVE-2014-3524, CVE-2014-3575

BID: 69351, 69354