Lösungen für Schwachstellen

Die regelmäßigen Schwachstellenüberprüfungen von Nimsoft Cloud Monitor suchen die folgende Schwachstelle. Auf der Überblickseite Lösungen für Schwachstellen können Sie die zuletzt hinzugefügten Lösungen für Schwachstellen, die von Nimsoft Cloud Monitor überprüft werden, einsehen.

Kategorie: Mandriva Local Security Checks Risikofaktor: High Hinzugefügt am: 8 Mär 2010
Synopsis:

The remote host is missing the patch for the advisory MDVSA-2010:056 (openoffice.org).

Description:

This update provides the OpenOffice.org 3.0 major version and holds the security fixes for the following issues: An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document leading to a heap-based buffer overflow (CVE-2009-0200). An heap-based buffer overflow might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document related to table parsing. (CVE-2009-0201). Multiple heap-based buffer overflows allow remote attackers to execute arbitrary code via a crafted EMF+ file (CVE-2009-2140). OpenOffice's xmlsec uses a bundled Libtool which might load .la file in the current working directory allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use --enable-crypto_dl building flag however it does not, although the fix keeps protected against this threat whenever that flag had been enabled (CVE-2009-3736). Additional packages are also being provided due to dependencies. Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

See also:

http://wwwnew.mandriva.com/security/advisories?name=MDVSA-2010:056

Solution:

Apply the newest security patches from Mandriva.

Risk factor:

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)