LibreOffice < 4.2.5 Unspecified Macro Code Execution

critical Nessus Plugin ID 76594

Synopsis

The remote host contains an application that is affected by a vulnerability that allows unspecified VBA macro execution.

Description

A version of LibreOffice is installed on the remote Windows host that is between versions 4.1.4 and 4.2.4. It is, therefore, affected by a vulnerability that allows the execution of unspecified VBA macros automatically.

Note that Nessus has not attempted to exploit this issue, but has instead relied only on the application's self-reported version number.

Solution

Upgrade to LibreOffice version 4.2.5 or later.

See Also

http://www.libreoffice.org/about-us/security/advisories/CVE-2014-0247

Plugin Details

Severity: Critical

ID: 76594

File Name: libreoffice_425.nasl

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 7/18/2014

Updated: 7/12/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:libreoffice:libreoffice

Required KB Items: SMB/LibreOffice/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 6/20/2014

Vulnerability Publication Date: 6/23/2014

Reference Information

CVE: CVE-2014-0247

BID: 68151