Executive Summary
Summary | |
---|---|
Title | LibreOffice vulnerability |
Informations | |||
---|---|---|---|
Name | USN-1536-1 | First vendor Publication | 2012-08-13 |
Vendor | Ubuntu | Last vendor Modification | 2012-08-13 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 Summary: LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file. Software Description: - libreoffice: Office productivity suite Details: It was discovered that LibreOffice incorrectly handled certain encryption tags in Open Document Text (.odt) files. If a user were tricked into opening a specially crafted file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: Ubuntu 11.10: Ubuntu 11.04: After a standard system update you need to restart LibreOffice to make all the necessary changes. References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-1536-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17974 | |||
Oval ID: | oval:org.mitre.oval:def:17974 | ||
Title: | USN-1536-1 -- libreoffice vulnerability | ||
Description: | LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1536-1 CVE-2012-2665 | Version: | 5 |
Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 | Product(s): | libreoffice |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18059 | |||
Oval ID: | oval:org.mitre.oval:def:18059 | ||
Title: | USN-1537-1 -- openoffice.org vulnerability | ||
Description: | OpenOffice.org could be made to crash or run programs as your login if it opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1537-1 CVE-2012-2665 | Version: | 5 |
Platform(s): | Ubuntu 10.04 | Product(s): | openoffice.org |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19447 | |||
Oval ID: | oval:org.mitre.oval:def:19447 | ||
Title: | DSA-2520-1 openoffice.org - Multiple heap-based buffer overflows | ||
Description: | Timo Warns from PRE-CERT discovered multiple heap-based buffer overflows in OpenOffice.org, an office productivity suite. The issues lies in the XML manifest encryption tag parsing code. Using specially crafted files, an attacker can cause application crash and could cause arbitrary code execution. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2520-1 CVE-2012-2665 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openoffice.org |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-12-24 | Name : LibreOffice XML Manifest Handling Buffer Overflow Vulnerabilities (Mac OS X) File : nvt/gb_libreoffice_xml_manifest_bof_vuln_macosx.nasl |
2012-12-24 | Name : LibreOffice XML Manifest Handling Buffer Overflow Vulnerabilities (Windows) File : nvt/gb_libreoffice_xml_manifest_bof_vuln_win.nasl |
2012-12-24 | Name : OpenOffice Multiple Buffer Overflow Vulnerabilities - Dec12 (Windows) File : nvt/gb_openoffice_mult_bof_vuln_dec12_win.nasl |
2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-05 (libreoffice) File : nvt/glsa_201209_05.nasl |
2012-08-14 | Name : Fedora Update for libreoffice FEDORA-2012-11402 File : nvt/gb_fedora_2012_11402_libreoffice_fc16.nasl |
2012-08-14 | Name : Ubuntu Update for libreoffice USN-1536-1 File : nvt/gb_ubuntu_USN_1536_1.nasl |
2012-08-14 | Name : Ubuntu Update for openoffice.org USN-1537-1 File : nvt/gb_ubuntu_USN_1537_1.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2520-1 (openoffice.org) File : nvt/deb_2520_1.nasl |
2012-08-03 | Name : CentOS Update for autocorr-af CESA-2012:1135 centos6 File : nvt/gb_CESA-2012_1135_autocorr-af_centos6.nasl |
2012-08-03 | Name : CentOS Update for openoffice.org-base CESA-2012:1136 centos5 File : nvt/gb_CESA-2012_1136_openoffice.org-base_centos5.nasl |
2012-08-03 | Name : RedHat Update for libreoffice RHSA-2012:1135-01 File : nvt/gb_RHSA-2012_1135-01_libreoffice.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-09-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201408-19.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1135.nasl - Type : ACT_GATHER_INFO |
2012-12-14 | Name : The remote host has an application installed that is affected by multiple vul... File : lotus_symphony_3_0_1_fp2.nasl - Type : ACT_GATHER_INFO |
2012-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-05.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-123.nasl - Type : ACT_GATHER_INFO |
2012-08-30 | Name : The remote Windows host has a program affected by multiple heap-based buffer ... File : openoffice_341.nasl - Type : ACT_GATHER_INFO |
2012-08-14 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1536-1.nasl - Type : ACT_GATHER_INFO |
2012-08-14 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1537-1.nasl - Type : ACT_GATHER_INFO |
2012-08-13 | Name : The remote Fedora host is missing a security update. File : fedora_2012-11402.nasl - Type : ACT_GATHER_INFO |
2012-08-06 | Name : The remote host contains an application that is affected by multiple buffer o... File : libreoffice_355.nasl - Type : ACT_GATHER_INFO |
2012-08-06 | Name : The remote host contains an application that is affected by multiple buffer o... File : macosx_libreoffice_355.nasl - Type : ACT_GATHER_INFO |
2012-08-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1135.nasl - Type : ACT_GATHER_INFO |
2012-08-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2520.nasl - Type : ACT_GATHER_INFO |
2012-08-03 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120801_libreoffice_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-03 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120801_openoffice_org_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1136.nasl - Type : ACT_GATHER_INFO |
2012-08-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1135.nasl - Type : ACT_GATHER_INFO |
2012-08-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1136.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:00:34 |
|