VID |
28214 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The host has been detected as having a version of OpenOffice.org installed that is older than version 2.3.1. OpenOffice.org (OOo) Office Suite versions prior to 2.3.1 could allow a remote attacker to execute arbitrary code on the host, caused by a vulnerability in the HSQLDB database engine when processing a specially-crafted database document. By convincing a user to open a specially-crafted database document, a remote attacker could execute arbitrary static Java code on the affected host.
* Note: This check requires an account with administrative privileges that can log into the host being scanned. If this condition is not met, the check is not performed, resulting in a false negative for all vulnerable hosts.
* References:
  http://www.openoffice.org/security/cves/CVE-2007-4575.html
  http://www.frsirt.com/english/advisories/2007/4092
  http://secunia.com/advisories/27928/
* Platforms Affected: OpenOffice.org Source Project, OpenOffice.org Office Suite versions prior to 2.3.1; any operating system, any version |
Recommendation |
Upgrade to the latest version of OpenOffice (2.3.1 or later), available from the OpenOffice.org Download Web site at http://download.openoffice.org/index.html |
Related URL |
CVE-2007-4575 (CVE) |
Related URL |
26703 (SecurityFocus) |
Related URL |
38882 (ISS) |
|