LibreOffice < 3.5.7 / 3.6.1 Multiple Denial of Service Vulnerabilities

medium Nessus Plugin ID 73332

Synopsis

The remote host contains an application that is affected by multiple denial of service vulnerabilities.

Description

A version of LibreOffice prior to 3.5.7 / 3.6.1 is installed on the remote Windows host. It is, therefore, reportedly affected by multiple denial of service vulnerabilities in various import filters:

- Excel (.xls)

- Windows Meta File (.wmf)

- Open Document Format (.odg / .odt)

This could allow a remote attacker with a specially crafted file to crash the application upon loading.

Note that Nessus has not attempted to exploit these issues, but has instead relied only on the self-reported version number.

Solution

Upgrade to LibreOffice version 3.5.7 / 3.6.1 or later.

See Also

http://www.libreoffice.org/about-us/security/advisories/cve-2012-4233/

http://www.nessus.org/u?ef8de15a

http://www.nessus.org/u?a3af5545

Plugin Details

Severity: Medium

ID: 73332

File Name: libreoffice_361.nasl

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 4/4/2014

Updated: 11/26/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:libreoffice:libreoffice

Required KB Items: SMB/LibreOffice/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/31/2012

Vulnerability Publication Date: 10/31/2012

Reference Information

CVE: CVE-2012-4233

BID: 56352