Detections
Analytics

LibreOffice < 5.0.5 Multiple RCE (Mac OS X)

high Nessus Plugin ID 88984

Language:

Synopsis

The remote host has an application installed that is affected by multiple remote code execution vulnerabilities.

Description

The version of LibreOffice installed on the remote Mac OS X host is prior to 5.0.5. It is, therefore, affected by multiple vulnerabilities :

 - A remote code execution vulnerability exists due to improper validation of user-supplied input when handling LotusWordPro (LWP) documents. A remote attacker can exploit this, via a crafted LWP document, to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0794)

 - A remote code execution vulnerability exists due to improper validation of user-supplied input when handling LwpTocSuperLayout records. A remote attacker can exploit this, via a crafted LwpTocSuperLayout record in a LotusWordPro (LWP) document, to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0795)

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to LibreOffice version 5.0.5 or later.

See Also

http://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/

http://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/

http://listarchives.documentfoundation.org/www/announce/msg00258.html

Plugin Details

Severity: High

ID: 88984

File Name: macosx_libreoffice_505.nasl

Version: 1.10

Type: local

Agent: macosx

Published: 2/26/2016

Updated: 11/20/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-0795

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:libreoffice:libreoffice

Required KB Items: Host/MacOSX/Version, installed_sw/LibreOffice

Exploit Ease: No known exploits are available

Patch Publication Date: 2/17/2016

Vulnerability Publication Date: 2/17/2016

Reference Information

CVE: CVE-2016-0794, CVE-2016-0795

BID: 74334