Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

OpenOffice < 3.2 Multiple Vulnerabilities

Medium

Synopsis

The remote host has a program that is vulnerable to multiple attack vectors.

Description

The version of OpenOffice installed on the remote host is earlier than 3.2. Such versions are potentially affected by several issues :

- Signatures may not be handled properly due to a vulnerability in the libxml2 library. (CVE-2006-4339)

- There is an HMAC truncation authentication bypass vulnerability in the libxmlsec library. (CVE-2009-0217)

- The application is bundled with a vulnerable version of the Microsoft VC++ runtime. (CVE-2009-2493)

- Specially crafted XPM files are not processed properly, which could lead to arbitrary code execution. (CVE-2009-2949)

- Specially crafted GIF files are not processed properly, which could lead to arbitrary code execution. (CVE-2009-2950)

- Specially crafted Microsoft Word documents are not processed properly, which could lead to arbitrary code execution. (CVE-2009-3301 / CVE-2009-3302)

Solution

Upgrade to OpenOffice version 3.2 or later.