Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CentOS Update for openoffice.org-base CESA-2011:0182 centos5 x86_64

Information

Severity

Severity

Critical

Family

Family

CentOS Local Security Checks

CVSSv2 Base

CVSSv2 Base

9.3

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

11 years ago

Modified

Modified

5 years ago

Summary

The remote host is missing an update for the 'openoffice.org-base' package(s) announced via the referenced advisory.

Insight

Insight

OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially-crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially-crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially-crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially-crafted TARGA file. If a document containing this specially-crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially-crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) A flaw was found in the script that launches OpenOffice.org. In some situations, a '.' character could be included in the LD_LIBRARY_PATH variable, allowing a local attacker to execute ... Description truncated, please see the referenced URL(s) for more information.

Affected Software

Affected Software

openoffice.org-base on CentOS 5

Solution

Solution

Please install the updated packages.