Vulnerabilities > CVE-2017-12608 - Out-of-bounds Write vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1214.NASL description Marcin Noga discovered two vulnerabilities in LibreOffice, which could result in the execution of arbitrary code if a malformed PPT or DOC document is opened. For Debian 7 last seen 2020-03-17 modified 2017-12-21 plugin id 105395 published 2017-12-21 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105395 title Debian DLA-1214-1 : libreoffice security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-1214-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(105395); script_version("3.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2017-12607", "CVE-2017-12608"); script_name(english:"Debian DLA-1214-1 : libreoffice security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Marcin Noga discovered two vulnerabilities in LibreOffice, which could result in the execution of arbitrary code if a malformed PPT or DOC document is opened. For Debian 7 'Wheezy', these problems have been fixed in version 1:3.5.4+dfsg2-0+deb7u10. We recommend that you upgrade your libreoffice packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2017/12/msg00017.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/libreoffice" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fonts-opensymbol"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-base-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-calc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-dev-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-draw"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-emailmerge"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-evolution"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-filter-binfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-filter-mobiledev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-gcj"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-gnome"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-gtk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-gtk3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-ca"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-cs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-da"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-de"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-dz"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-el"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-en-gb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-en-us"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-es"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-et"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-eu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-fi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-fr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-gl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-hi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-hu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-it"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-ja"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-km"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-ko"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-nl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-om"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-pl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-pt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-pt-br"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-ru"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-sk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-sl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-sv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-zh-cn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-zh-tw"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-impress"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-java-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-kde"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-af"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-as"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ast"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-be"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-bg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-bn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-br"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-bs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ca"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-cs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-cy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-da"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-de"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-dz"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-el"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-en-gb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-en-za"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-eo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-es"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-et"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-eu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-fa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-fi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-fr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ga"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-gl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-gu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-he"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-hi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-hr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-hu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-id"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-in"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-is"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-it"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ja"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ka"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-km"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ko"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ku"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-lt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-lv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-mk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-mn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-mr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-nb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ne"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-nl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-nn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-nr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-nso"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-oc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-om"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-or"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-pa-in"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-pl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-pt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-pt-br"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ro"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ru"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-rw"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-si"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-sk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-sl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-sr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-st"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-sv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ta"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-te"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-tg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-th"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-tn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-tr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-uk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-uz"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ve"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-vi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-xh"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-za"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-zh-cn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-zh-tw"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-zu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-math"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-mysql-connector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-officebean"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-ogltrans"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-pdfimport"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-presentation-minimizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-presenter-console"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-report-builder"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-report-builder-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-script-provider-bsh"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-script-provider-js"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-script-provider-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-sdbc-postgresql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-style-crystal"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-style-galaxy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-style-hicontrast"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-style-oxygen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-style-tango"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-wiki-publisher"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-writer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openoffice.org-dtd-officedocument1.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-uno"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3-uno"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ttf-opensymbol"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2017/12/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"fonts-opensymbol", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-base", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-base-core", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-calc", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-common", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-core", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-dbg", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-dev", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-dev-doc", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-draw", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-emailmerge", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-evolution", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-filter-binfilter", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-filter-mobiledev", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-gcj", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-gnome", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-gtk", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-gtk3", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-ca", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-cs", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-da", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-de", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-dz", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-el", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-en-gb", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-en-us", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-es", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-et", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-eu", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-fi", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-fr", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-gl", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-hi", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-hu", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-it", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-ja", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-km", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-ko", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-nl", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-om", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-pl", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-pt", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-pt-br", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-ru", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-sk", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-sl", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-sv", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-zh-cn", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-help-zh-tw", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-impress", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-java-common", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-kde", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-af", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ar", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-as", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ast", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-be", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-bg", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-bn", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-br", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-bs", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ca", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-cs", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-cy", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-da", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-de", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-dz", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-el", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-en-gb", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-en-za", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-eo", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-es", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-et", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-eu", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-fa", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-fi", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-fr", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ga", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-gl", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-gu", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-he", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-hi", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-hr", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-hu", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-id", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-in", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-is", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-it", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ja", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ka", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-km", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ko", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ku", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-lt", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-lv", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-mk", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ml", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-mn", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-mr", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-nb", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ne", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-nl", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-nn", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-nr", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-nso", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-oc", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-om", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-or", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-pa-in", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-pl", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-pt", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-pt-br", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ro", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ru", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-rw", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-si", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-sk", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-sl", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-sr", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ss", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-st", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-sv", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ta", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-te", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-tg", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-th", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-tn", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-tr", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ts", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ug", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-uk", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-uz", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ve", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-vi", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-xh", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-za", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-zh-cn", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-zh-tw", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-l10n-zu", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-math", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-mysql-connector", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-officebean", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-ogltrans", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-pdfimport", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-presentation-minimizer", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-presenter-console", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-report-builder", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-report-builder-bin", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-script-provider-bsh", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-script-provider-js", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-script-provider-python", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-sdbc-postgresql", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-style-crystal", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-style-galaxy", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-style-hicontrast", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-style-oxygen", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-style-tango", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-wiki-publisher", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"libreoffice-writer", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"openoffice.org-dtd-officedocument1.0", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"python-uno", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"python3-uno", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (deb_check(release:"7.0", prefix:"ttf-opensymbol", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3472-1.NASL description Marcin Noga discovered that LibreOffice incorrectly handled PPT documents. If a user were tricked into opening a specially crafted PPT document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2017-12607) Marcin Noga discovered that LibreOffice incorrectly handled Word documents. If a user were tricked into opening a specially crafted Word document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2017-12608). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 104377 published 2017-11-03 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104377 title Ubuntu 14.04 LTS : libreoffice vulnerabilities (USN-3472-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4022.NASL description Marcin Noga discovered two vulnerabilities in LibreOffice, which could result in the execution of arbitrary code if a malformed PPT or DOC document is opened. last seen 2020-06-01 modified 2020-06-02 plugin id 104465 published 2017-11-09 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104465 title Debian DSA-4022-1 : libreoffice - security update NASL family Windows NASL id OPENOFFICE_414.NASL description The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.4. It is, therefore, affected by multiple Out-of-Bounds vulnerabilities and a file disclosure vulnerability in Calc/Writer. last seen 2020-06-01 modified 2020-06-02 plugin id 104351 published 2017-11-02 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104351 title Apache OpenOffice < 4.1.4 Multiple Vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_27229C67B8FF11E79F79AC9E174BE3AF.NASL description The Apache Openofffice project reports : CVE-2017-3157: Arbitrary file disclosure in Calc and Writer By exploiting the way OpenOffice renders embedded objects, an attacker could craft a document that allows reading in a file from the user last seen 2020-06-01 modified 2020-06-02 plugin id 104162 published 2017-10-26 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104162 title FreeBSD : Apache OpenOffice -- multiple vulnerabilities (27229c67-b8ff-11e7-9f79-ac9e174be3af)
Seebug
bulletinFamily | exploit |
description | ### Summary An exploitable out-of-bounds write vulnerability exists in the WW8RStyle::ImportOldFormatStyles functionality of Apache OpenOffice 4.1.3. A specially crafted doc file can cause a out-of-bounds write resulting in arbitrary code execution. An attacker can send/provide malicious doc file to trigger this vulnerability. ### Tested Versions Apache OpenOffice 4.1.3 ### Product URLs http://www.openoffice.org/ ### CVSSv3 Score 8.3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H ### CWE CWE-787 - Out-of-bounds Write ### Details This vulnerability is present in Apache OpenOffice (formerly OpenOffice.org), a free open source office suite. A specially crafted DOC file can lead to an out-of-bounds write and ultimately to remote code execution. Let's investigate this vulnerability. After opening Writer with a malformed doc file we see the following state: ``` gdb-peda$ context [----------------------------------registers-----------------------------------] EAX: 0xab73dffc --> 0x0 EBX: 0xab90d3fc --> 0x15ecc8 ECX: 0xbfffd0d8 --> 0xab73849c --> 0x106 EDX: 0xb6c ('l\x0b') ESI: 0xb6c ('l\x0b') EDI: 0xbfffd0d8 --> 0xab73849c --> 0x106 EBP: 0xbfffd138 --> 0xbfffd158 --> 0xbfffd1a8 --> 0xbfffd3e8 --> 0xbfffd6a8 (0xbfffd738) ESP: 0xbfffd050 --> 0xb7fff000 --> 0x23f3c EIP: 0xab887c90 (mov BYTE PTR [eax+0x4],0x0) EFLAGS: 0x210286 (carry PARITY adjust zero SIGN trap INTERRUPT direction overflow) [-------------------------------------code-------------------------------------] 0xab887c87: mov eax,edi 0xab887c89: mov edx,esi 0xab887c8b: call 0xab886212 => 0xab887c90: mov BYTE PTR [eax+0x4],0x0 0xab887c94: mov al,BYTE PTR [ebp-0x10] 0xab887c97: mov BYTE PTR [ebp-0xd1],al 0xab887c9d: inc al 0xab887c9f: je 0xab887d2c [------------------------------------stack-------------------------------------] 0000| 0xbfffd050 --> 0xb7fff000 --> 0x23f3c 0004| 0xbfffd054 --> 0x82587d8 --> 0xab7ae000 --> 0x464c457f 0008| 0xbfffd058 --> 0xbfffd070 --> 0x20001 0012| 0xbfffd05c --> 0xab7b875e ("_ZN14SvxLRSpaceItemC1Et") 0016| 0xbfffd060 --> 0x0 0020| 0xbfffd064 --> 0xffd104 0024| 0xbfffd068 --> 0xb7837c7b (<__pthread_mutex_unlock_usercnt+11>: add edi,0x10385) 0028| 0xbfffd06c --> 0xb7fd0af8 --> 0x1bf974 [------------------------------------------------------------------------------] Legend: code, data, rodata, value Stopped reason: SIGSEGV gdb-peda$ bt #0 0xab887c90 in ?? () from /opt/openoffice4/program/libmsword.so #1 0xab888507 in ?? () from /opt/openoffice4/program/libmsword.so #2 0xab88d9a3 in ?? () from /opt/openoffice4/program/libmsword.so #3 0xab876b17 in ?? () from /opt/openoffice4/program/libmsword.so #4 0xab8786ec in ?? () from /opt/openoffice4/program/libmsword.so #5 0xab878a8b in ?? () from /opt/openoffice4/program/libmsword.so #6 0xab879f9a in ?? () from /opt/openoffice4/program/libmsword.so #7 0xac162c7b in ?? () from /opt/openoffice4/program/../program/libsw.so #8 0xac21c730 in ?? () from /opt/openoffice4/program/../program/libsw.so #9 0xb7408b73 in SfxObjectShell::DoLoad(SfxMedium*) () from /opt/openoffice4/program/libsfx.so #10 0xb7434353 in SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) () from /opt/openoffice4/program/libsfx.so #11 0xb749aaa4 in ?? () from /opt/openoffice4/program/libsfx.so #12 0xb4e0c621 in ?? () from /opt/openoffice4/program/libfwk.so #13 0xb4e0cf19 in ?? () from /opt/openoffice4/program/libfwk.so #14 0xb4dbec7a in ?? () from /opt/openoffice4/program/libfwk.so #15 0xb4dbeec4 in ?? () from /opt/openoffice4/program/libfwk.so #16 0xb77b7715 in comphelper::SynchronousDispatch::dispatch(com::sun::star::uno::Reference<com::sun::star::uno ::XInterface> const&, rtl::OUString const&, rtl::OUString const&, long, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) ()from /opt/openoffice4/program/libcomphelpgcc3.so #17 0xb7dd9bf4 in ?? () from /opt/openoffice4/program/libsofficeapp.so #18 0xb7de2a92 in ?? () from /opt/openoffice4/program/libsofficeapp.so #19 0xb7dc61cd in ?? () from /opt/openoffice4/program/libsofficeapp.so #20 0xb7dc650b in ?? () from /opt/openoffice4/program/libsofficeapp.so #21 0xb7dc65b3 in ?? () from /opt/openoffice4/program/libsofficeapp.so #22 0xb64784dd in ?? () from /opt/openoffice4/program/libvcl.so #23 0xb66dd92e in ?? () from /opt/openoffice4/program/libvcl.so #24 0xb2fb7de9 in ?? () from /opt/openoffice4/program/libvclplug_gen.so #25 0xb2fc3b52 in SalDisplay::DispatchInternalEvent() () from /opt/openoffice4/program/libvclplug_gen.so #26 0xb3074fa9 in ?? () from /opt/openoffice4/program/libvclplug_gtk.so #27 0xb3074fd8 in ?? () from /opt/openoffice4/program/libvclplug_gtk.so #28 0xb2d82610 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0 #29 0xb2d85d9b in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0 #30 0xb2d86189 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0 #31 0xb2d86254 in g_main_context_iteration () from /lib/i386-linux-gnu/libglib-2.0.so.0 #32 0xb3074d80 in ?? () from /opt/openoffice4/program/libvclplug_gtk.so #33 0xb2fcafb9 in X11SalInstance::Yield(bool, bool) () from /opt/openoffice4/program/libvclplug_gen.so #34 0xb6484ff2 in ?? () from /opt/openoffice4/program/libvcl.so #35 0xb6481dbe in Application::Yield(bool) () from /opt/openoffice4/program/libvcl.so #36 0xb6483ccb in Application::Execute() () from /opt/openoffice4/program/libvcl.so #37 0xb7dc32a0 in ?? () from /opt/openoffice4/program/libsofficeapp.so #38 0xb6488d8b in ?? () from /opt/openoffice4/program/libvcl.so #39 0xb6488e79 in SVMain() () from /opt/openoffice4/program/libvcl.so #40 0xb7de3e10 in soffice_main () from /opt/openoffice4/program/libsofficeapp.so #41 0x08048c84 in main () #42 0xb789a637 in __libc_start_main (main=0xab9bf618, argc=0xab8884df, argv=0xab90d3fc, init=0xab963010, fini=0xbfffd1a8, rtld_fini=0xab88d9a3, stack_end=0xaae2c5a8) at ../csu/libc- start.c:291 The write to `eax+0x4` causes an access violation because : gdb-peda$ vmmap $eax+4 Start End Perm Name 0xab73e000 0xab795000 r-xp /opt/openoffice4/program/libunoxml.so Let's investigate the vulnerable code: sw\source\filter\ww8\ww8par2.cxx Line 4462 void WW8RStyle::ImportOldFormatStyles() { (...) Line 4474 sal_uInt16 cstcStd; Line 4475 rSt >> cstcStd; Line 4476 Line 4477 sal_uInt16 cbName; Line 4478 rSt >> cbName; Line 4479 sal_uInt16 nByteCount = 2; Line 4480 sal_uInt16 stcp=0; Line 4481 while (nByteCount < cbName) { (...) Line 4518 stcp++ } (...) Line 4521 sal_uInt16 nStyles=stcp; Line 4522 Line 4523 std::vector<pxoffset> aCHPXOffsets(stcp); Line 4524 sal_uInt16 cbChpx; Line 4525 rSt >> cbChpx; Line 4526 nByteCount = 2; Line 4527 stcp=0; Line 4528 std::vector< std::vector<sal_uInt8> > aConvertedChpx; Line 4529 while (nByteCount < cbChpx) Line 4530 { Line 4531 sal_uInt8 cb; Line 4532 rSt >> cb; Line 4533 nByteCount++; Line 4534 Line 4535 aCHPXOffsets[stcp].mnSize = 0; (...) Line 4553 stcp++; } ``` At `line 4480` we see that `stcp` is initialized with a 0 value. Next, if read directly from the file, `cbName` value won't be bigger than 2, `stcp` won't be increased and stay with initialized value (0). Based on `stcp` at `line 4523`, the `aCHPXOffsets` vector is allocated. The `cbChpx` variable value is read directly from the file at `line 4525` and then used as a constrain in a while loop. The while loop will be executed as many times as indicated by `cbChpx`, there is no check to see whether its value is greater than `stcp`, which leads to an out-of-bounds write at `line 4535`. That situation causes memory corruption and can lead to arbitrary code execution by the attacker. ``` Values for significant variables are coming from offset 0xFF: Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 000000F0 09 . 00000100 00 00 00 00 88 88 00 05 ...... cstcStd = WORD 09 00 cbName = WORD 00 00 cbChpx = WORD 88 88 ``` ### Crash Information ``` gdb-peda$ context [----------------------------------registers-----------------------------------] EAX: 0xab73dffc --> 0x0 EBX: 0xab90d3fc --> 0x15ecc8 ECX: 0xbfffd0d8 --> 0xab73849c --> 0x106 EDX: 0xb6c ('l\x0b') ESI: 0xb6c ('l\x0b') EDI: 0xbfffd0d8 --> 0xab73849c --> 0x106 EBP: 0xbfffd138 --> 0xbfffd158 --> 0xbfffd1a8 --> 0xbfffd3e8 --> 0xbfffd6a8 (0xbfffd738) ESP: 0xbfffd050 --> 0xb7fff000 --> 0x23f3c EIP: 0xab887c90 (mov BYTE PTR [eax+0x4],0x0) EFLAGS: 0x210286 (carry PARITY adjust zero SIGN trap INTERRUPT direction overflow) [-------------------------------------code-------------------------------------] 0xab887c87: mov eax,edi 0xab887c89: mov edx,esi 0xab887c8b: call 0xab886212 => 0xab887c90: mov BYTE PTR [eax+0x4],0x0 0xab887c94: mov al,BYTE PTR [ebp-0x10] 0xab887c97: mov BYTE PTR [ebp-0xd1],al 0xab887c9d: inc al 0xab887c9f: je 0xab887d2c [------------------------------------stack-------------------------------------] 0000| 0xbfffd050 --> 0xb7fff000 --> 0x23f3c 0004| 0xbfffd054 --> 0x82587d8 --> 0xab7ae000 --> 0x464c457f 0008| 0xbfffd058 --> 0xbfffd070 --> 0x20001 0012| 0xbfffd05c --> 0xab7b875e ("_ZN14SvxLRSpaceItemC1Et") 0016| 0xbfffd060 --> 0x0 0020| 0xbfffd064 --> 0xffd104 0024| 0xbfffd068 --> 0xb7837c7b (<__pthread_mutex_unlock_usercnt+11>: add edi,0x10385) 0028| 0xbfffd06c --> 0xb7fd0af8 --> 0x1bf974 [------------------------------------------------------------------------------] Legend: code, data, rodata, value Stopped reason: SIGSEGV gdb-peda$ exploitable -m Warning: machine string printing is deprecated and may be removed in a future release. EXCEPTION_FAULTING_ADDRESS:0x000000ab73e000 EXCEPTION_CODE:0xb FAULTING_INSTRUCTION:mov BYTE PTR [eax+0x4],0x0 MAJOR_HASH:267590b160c1d882cadfa5981b70941e MINOR_HASH:79312db15af9cfd3ad94d7a16227d7d3 STACK_DEPTH:42 STACK_FRAME:/opt/openoffice4/program/libmsword.so+0x0 STACK_FRAME:/opt/openoffice4/program/libmsword.so+0x0 STACK_FRAME:/opt/openoffice4/program/libmsword.so+0x0 STACK_FRAME:/opt/openoffice4/program/libmsword.so+0x0 STACK_FRAME:/opt/openoffice4/program/libmsword.so+0x0 STACK_FRAME:/opt/openoffice4/program/libmsword.so+0x0 STACK_FRAME:/opt/openoffice4/program/libmsword.so+0x0 STACK_FRAME:/opt/openoffice4/program/libsw.so+0x0 STACK_FRAME:/opt/openoffice4/program/libsw.so+0x0 STACK_FRAME:/opt/openoffice4/program/libsfx.so!SfxObjectShell::DoLoad(SfxMedium*)+ 0x0 STACK_FRAME:/opt/openoffice4/program/libsfx.so!SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)+0x0 STACK_FRAME:/opt/openoffice4/program/libsfx.so+0x0 STACK_FRAME:/opt/openoffice4/program/libfwk.so+0x0 STACK_FRAME:/opt/openoffice4/program/libfwk.so+0x0 STACK_FRAME:/opt/openoffice4/program/libfwk.so+0x0 STACK_FRAME:/opt/openoffice4/program/libfwk.so+0x0 STACK_FRAME:/opt/openoffice4/program/libcomphelpgcc3.so!comphelper::Synchronous Dispatch::dispatch(com::sun::star::uno::Reference<com::sun::star::uno::XInterface> const&, rtl::OUString const&, rtl::OUString const&, long, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)+0x0 STACK_FRAME:/opt/openoffice4/program/libcomphelpgcc3.so!comphelper::SynchronousDispatch::dispatch STACK_FRAME:/opt/openoffice4/program/libsofficeapp.so+0x0 STACK_FRAME:/opt/openoffice4/program/libsofficeapp.so+0x0 STACK_FRAME:/opt/openoffice4/program/libsofficeapp.so+0x0 STACK_FRAME:/opt/openoffice4/program/libsofficeapp.so+0x0 STACK_FRAME:/opt/openoffice4/program/libsofficeapp.so+0x0 STACK_FRAME:/opt/openoffice4/program/libvcl.so+0x0 STACK_FRAME:/opt/openoffice4/program/libvcl.so+0x0 STACK_FRAME:/opt/openoffice4/program/libvclplug_gen.so+0x0 STACK_FRAME:/opt/openoffice4/program/libvclplug_gen.so!SalDisplay::DispatchInternalEv ent()+0x0 STACK_FRAME:/opt/openoffice4/program/libvclplug_gtk.so+0x0 STACK_FRAME:/opt/openoffice4/program/libvclplug_gtk.so+0x0 STACK_FRAME:/lib/i386-linux-gnu/libglib-2.0.so.0.4800.2+0x0 STACK_FRAME:/lib/i386-linux-gnu/libglib-2.0.so.0.4800.2!g_main_context_dispatch+0x0 STACK_FRAME:/lib/i386-linux-gnu/libglib-2.0.so.0.4800.2+0x0 STACK_FRAME:/lib/i386-linux-gnu/libglib-2.0.so.0.4800.2!g_main_context_iteration+0x0 STACK_FRAME:/opt/openoffice4/program/libvclplug_gtk.so+0x0 STACK_FRAME:/opt/openoffice4/program/libvclplug_gen.so!X11SalInstance::Yield(bool, bool)+0x0 STACK_FRAME:/opt/openoffice4/program/libvcl.so+0x0 STACK_FRAME:/opt/openoffice4/program/libvcl.so!Application::Yield(bool)+0x0 STACK_FRAME:/opt/openoffice4/program/libvcl.so!Application::Execute()+0x0 STACK_FRAME:/opt/openoffice4/program/libsofficeapp.so+0x0 STACK_FRAME:/opt/openoffice4/program/libvcl.so+0x0 STACK_FRAME:/opt/openoffice4/program/libvcl.so!SVMain()+0x0 STACK_FRAME:/opt/openoffice4/program/libsofficeapp.so!soffice_main+0x0 STACK_FRAME:/opt/openoffice4/program/soffice.bin!main+0x0 INSTRUCTION_ADDRESS:0x000000ab887c90 INVOKING_STACK_FRAME:0 DESCRIPTION:Access violation on destination operand SHORT_DESCRIPTION:DestAv (9/29) OTHER_RULES:AccessViolation (28/29) CLASSIFICATION:EXPLOITABLE EXPLANATION:The target crashed on an access violation at an address matching the destination operand of the instruction. This likely indicates a write access violation, which means the attacker may control the write address and/or value. Description: Access violation on destination operand Short description: DestAv (9/29) Hash: 267590b160c1d882cadfa5981b70941e.79312db15af9cfd3ad94d7a16227d7d3 Exploitability Classification: EXPLOITABLE Explanation: The target crashed on an access violation at an address matching the destination operand of the instruction. This likely indicates a write access violation, which means the attacker may control the write address and/or value. Other tags: AccessViolation (28/29) ``` ### Timeline * 2017-04-05 - Vendor Disclosure * 2017-10-26 - Public Release |
id | SSV:96798 |
last seen | 2017-11-19 |
modified | 2017-11-06 |
published | 2017-11-06 |
reporter | Root |
title | Apache OpenOffice DOC ImportOldFormatStyles Code Execution Vulnerability(CVE-2017-12608) |
Talos
id | TALOS-2017-0301 |
last seen | 2019-05-29 |
published | 2017-10-26 |
reporter | Talos Intelligence |
source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0301 |
title | Apache OpenOffice DOC ImportOldFormatStyles Code Execution Vulnerability |
References
- http://www.securityfocus.com/bid/101585
- http://www.securityfocus.com/bid/101585
- http://www.securitytracker.com/id/1039733
- http://www.securitytracker.com/id/1039733
- http://www.securitytracker.com/id/1039735
- http://www.securitytracker.com/id/1039735
- https://lists.debian.org/debian-lts-announce/2017/12/msg00017.html
- https://lists.debian.org/debian-lts-announce/2017/12/msg00017.html
- https://www.debian.org/security/2017/dsa-4022
- https://www.debian.org/security/2017/dsa-4022
- https://www.openoffice.org/security/cves/CVE-2017-12608.html
- https://www.openoffice.org/security/cves/CVE-2017-12608.html