LibreOffice 4.x < 4.2.7 Impress Remote RCE
High Nessus Plugin ID 80079
SynopsisThe remote host contains an application that is affected by a use-after-free memory vulnerability.
DescriptionA version of LibreOffice is installed on the remote Windows host that is 4.x prior to 4.2.7. It is, therefore, affected by a use-after-free vulnerability related to the Impress Remote socket manager that allows denial of service attacks or arbitrary code execution by means of a specially crafted TCP request that causes already freed memory to be dereferenced.
Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.
SolutionUpgrade to LibreOffice version 4.2.7 (18.104.22.168) or later.