MDVSA-2012:063Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2012:063 | First vendor Publication | 2012-04-21 |
| Vendor | Mandriva | Last vendor Modification | 2012-04-21 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentification | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2012-0037). libreoffice for Mandriva Linux 2011 has been upgraded to the 3.4.6 version which is not vulnerable to this issue. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2012:063 |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
Alert History
| Date | Informations |
|---|---|
| 2013-04-19 13:21:55 |
|
(Medium)
