Detections
Analytics
Sun OpenOffice.org < 2.4 Multiple Vulnerabilities
high Nessus Plugin ID 31968
Synopsis
The remote Windows host has a program that is affected by multiple vulnerabilities.Description
The version of Sun Microsystems OpenOffice.org installed on the remote host is affected by several issues :- Heap overflow and arbitrary code execution vulnerabilities involving ODF text documents with XForms (CVE-2007-4770/4771).
- Heap overflow and arbitrary code execution vulnerabilities involving Quattro Pro files (CVE-2007-5745/5747).
- Heap overflow and arbitrary code execution vulnerabilities involving EMF files (CVE-2007-5746).
- Heap overflow and arbitrary code execution vulnerabilities involving OLE files (CVE-2008-0320).
Solution
Upgrade to Sun Microsystems OpenOffice.org version 2.4 or later.See Also
http://www.openoffice.org/security/cves/CVE-2007-5746.html
http://www.openoffice.org/security/cves/CVE-2007-4770.html
Plugin Details
Severity: High
ID: 31968
File Name: openoffice_240.nasl
Version: 1.17
Type: local
Agent: windows
Family: Windows
Published: 4/17/2008
Updated: 7/16/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:sun:openoffice.org
Required KB Items: SMB/OpenOffice/Build
Exploit Available: true
Exploit Ease: Exploits are available
Exploitable With
Core Impact
Metasploit (OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow)
Reference Information
CVE: CVE-2007-4770, CVE-2007-4771, CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320
BID: 28819