Detections
Analytics
OpenOffice < 2.3 TIFF Parser Multiple Overflows
medium Nessus Network Monitor Plugin ID 4216
Synopsis
The remote Windows host has a program that is affected by multiple buffer overflow vulnerabilities.Description
The remote Windows host has a program that is affected by multiple buffer overflow vulnerabilities. The remote host is running a version of OpenOffice.org that is affected by multiple integer overflows in its TIFF document parser that can be triggered when parsing tags in TIFF directory entries. If a remote attacker can trick a user into opening a specially-crafted TIFF document, he may be able to leverage this issue to execute arbitrary code on the remote host subject to the user's privileges.Solution
Upgrade to version 2.3 or higher.See Also
http://www.securityfocus.com/archive/1/479759/30/0/threaded
http://www.openoffice.org/security/cves/CVE-2007-2834.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593
Plugin Details
Severity: Medium
ID: 4216
Family: Generic
Published: 9/18/2007
Updated: 3/6/2019
Nessus ID: 26064
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 5.4
Temporal Score: 4
Vector: CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.4
Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:sun:openoffice.org
Reference Information
CVE: CVE-2007-2834
BID: 25690