ID de Prueba:	1.3.6.1.4.1.25623.1.0.60902
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:095 (openoffice.org)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to openoffice.org announced via advisory MDVSA-2008:095. A vulnerability in HSQLDB before 1.8.0.9 in OpenOffice.org could allow user-assisted remote attackers to execute arbitrary Java code via crafted database documents (CVE-2007-4575). A heap overflow was discovered in OpenOffice.org's EMF parser. An attacker could create a carefully crafted EMF file that could cause OpenOffice.org to crash or potentially execute arbitrary code if the malicious EMF image was added to a document or if a document containing such an EMF file was opened (CVE-2007-5746). Multiple heap overflows and an integer underflow were discovered in the Quattro Pro(R) import filter. An attacker could create a carefully crafted Quattro Pro file that could cause OpenOffice.org ro crash or potentially execute arbitraty code (CVE-2007-5745, CVE-2007-5747). A heap overflow was discovered in the OLE Structured Storage file parser, a format used by Microsoft Office documents. An attacker could create a carefully crafted OLE file that could cause OpenOffice.org to crash or potentially execute arbitrary code (CVE-2008-0320). The updated packages have been patched to correct these issues. Affected: 2008.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:095 Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4575 1019041 http://www.securitytracker.com/id?1019041 103141 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103141-1 200637 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200637-1 26703 http://www.securityfocus.com/bid/26703 27914 http://secunia.com/advisories/27914 27916 http://secunia.com/advisories/27916 27928 http://secunia.com/advisories/27928 27931 http://secunia.com/advisories/27931 27972 http://secunia.com/advisories/27972 28018 http://secunia.com/advisories/28018 28039 http://secunia.com/advisories/28039 28286 http://secunia.com/advisories/28286 28585 http://secunia.com/advisories/28585 30100 http://secunia.com/advisories/30100 ADV-2007-4092 http://www.vupen.com/english/advisories/2007/4092 ADV-2007-4146 http://www.vupen.com/english/advisories/2007/4146 DSA-1419 http://www.debian.org/security/2007/dsa-1419 FEDORA-2007-4119 https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00753.html FEDORA-2007-4120 http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00134.html FEDORA-2007-4171 https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00678.html FEDORA-2007-4172 http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00155.html FEDORA-2007-762 http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00281.html GLSA-200712-25 http://www.gentoo.org/security/en/glsa/glsa-200712-25.xml MDVSA-2008:095 http://www.mandriva.com/security/advisories?name=MDVSA-2008:095 RHSA-2007:1048 http://www.redhat.com/support/errata/RHSA-2007-1048.html RHSA-2007:1090 http://www.redhat.com/support/errata/RHSA-2007-1090.html RHSA-2008:0151 http://www.redhat.com/support/errata/RHSA-2008-0151.html RHSA-2008:0158 http://www.redhat.com/support/errata/RHSA-2008-0158.html RHSA-2008:0213 http://www.redhat.com/support/errata/RHSA-2008-0213.html SUSE-SA:2007:067 http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00005.html USN-609-1 http://www.ubuntu.com/usn/usn-609-1 http://bugs.gentoo.org/show_bug.cgi?id=200771 http://bugs.gentoo.org/show_bug.cgi?id=201799 http://www.openoffice.org/security/cves/CVE-2007-4575.html openoffice-hsqldb-code-execution(38882) https://exchange.xforce.ibmcloud.com/vulnerabilities/38882 oval:org.mitre.oval:def:10153 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10153 Common Vulnerability Exposure (CVE) ID: CVE-2007-5746 BugTraq ID: 28819 http://www.securityfocus.com/bid/28819 Debian Security Information: DSA-1547 (Google Search) http://www.debian.org/security/2008/dsa-1547 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00448.html http://security.gentoo.org/glsa/glsa-200805-16.xml http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=692 http://www.mandriva.com/security/advisories?name=MDVSA-2008:090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10249 http://www.redhat.com/support/errata/RHSA-2008-0175.html http://www.redhat.com/support/errata/RHSA-2008-0176.html http://www.securitytracker.com/id?1019892 http://secunia.com/advisories/29844 http://secunia.com/advisories/29852 http://secunia.com/advisories/29864 http://secunia.com/advisories/29871 http://secunia.com/advisories/29910 http://secunia.com/advisories/29913 http://secunia.com/advisories/29987 http://secunia.com/advisories/30179 http://sunsolve.sun.com/search/document.do?assetkey=1-66-231661-1 SuSE Security Announcement: SUSE-SA:2008:023 (Google Search) http://www.novell.com/linux/security/advisories/2008_23_openoffice.html http://www.vupen.com/english/advisories/2008/1253/references http://www.vupen.com/english/advisories/2008/1375/references XForce ISS Database: openoffice-emf-bo(41861) https://exchange.xforce.ibmcloud.com/vulnerabilities/41861 Common Vulnerability Exposure (CVE) ID: CVE-2007-5745 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=691 https://bugzilla.redhat.com/show_bug.cgi?id=435678 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11006 http://www.securitytracker.com/id?1019891 http://sunsolve.sun.com/search/document.do?assetkey=1-26-231601-1 XForce ISS Database: openoffice-quattropro-bo(41863) https://exchange.xforce.ibmcloud.com/vulnerabilities/41863 Common Vulnerability Exposure (CVE) ID: CVE-2007-5747 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=693 https://bugzilla.redhat.com/show_bug.cgi?id=435681 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11298 XForce ISS Database: openoffice-quattropro-code-execution(41881) https://exchange.xforce.ibmcloud.com/vulnerabilities/41881 Common Vulnerability Exposure (CVE) ID: CVE-2008-0320 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=694 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10318 http://www.securitytracker.com/id?1019890 http://sunsolve.sun.com/search/document.do?assetkey=1-26-231642-1 XForce ISS Database: openoffice-ole-bo(41860) https://exchange.xforce.ibmcloud.com/vulnerabilities/41860
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.