| VID |
28150 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The OpenOffice.org has multiple vulnerabilities which exist in versions prior to 2.0.3. OpenOffice.org is a open source office suite, including word processor, spreadsheet, presentation, vector drawing and database components. OpenOffice.org versions prior to 2.0.3 are vulnerable to multiple vulnerabilities. An attacker could exploit these vulnerabilities by sending the malicious OpenOffice document to a victim as an email messages or hosting it on a Web site. A remote attacker who successfully exploited the most severe of these vulnerabilities could execute arbitrary code on the vulnerable system.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.openoffice.org/security/CVE-2006-2198.html
http://www.openoffice.org/security/CVE-2006-2199.html
http://www.openoffice.org/security/CVE-2006-3117.html
http://www.frsirt.com/english/advisories/2006/2607
http://secunia.com/advisories/20867/
* Platforms Affected:
OpenOffice.org versions prior to 2.0.3
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of OpenOffice.org (2.0.3 or later), available from the OpenOffice.org Web site at http://download.openoffice.org/2.0.3/index.html |
| Related URL |
CVE-2006-3117,CVE-2006-2198,CVE-2006-2199 (CVE) |
| Related URL |
18737,18738,18739 (SecurityFocus) |
| Related URL |
27571,27564,27569 (ISS) |
|
