|Name||MDVSA-2012:063||First vendor Publication||2012-04-21|
|Vendor||Mandriva||Last vendor Modification||2012-04-21|
Security-Database Scoring CVSS v2
|Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)|
|Cvss Base Score||4.3||Attack Range||Network|
|Cvss Impact Score||2.9||Attack Complexity||Medium|
|Cvss Expoit Score||8.6||Authentification||None Required|
|Calculate full CVSS 2.0 Vectors scores|
An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2012-0037).
libreoffice for Mandriva Linux 2011 has been upgraded to the 3.4.6 version which is not vulnerable to this issue.
|Url : http://www.mandriva.com/security/advisories?name=MDVSA-2012:063|
CWE : Common Weakness Enumeration
CPE : Common Platform Enumeration