Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:118: OpenOffice.org Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the OpenOffice.org package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:118 (OpenOffice.org).
OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit
attackers to conduct unauthorized activities via an OpenOffice document with
a malicious BASIC macro, which is executed without prompting the user.
An unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x up to
1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to escape the
Java sandbox and conduct unauthorized activities via certain applets in
OpenOffice documents. (CVE-2006-2199)
Heap-based buffer overflow in OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x
before 2.0.3 allows user-complicit attackers to execute arbitrary code via a
crafted OpenOffice XML document that is not properly handled by (1) Calc,
(2) Draw, (3) Impress, (4) Math, or (5) Writer, aka 'File Format / Buffer
Overflow Vulnerability.' (CVE-2006-3117)
Updated packages are patched to address this issue.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:118
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.