The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.15. It is, therefore, affected by multiple vulnerabilities as stated in the vendor advisories and release notes.
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of Apache OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. This is a corner case of 2022-47502. (CVE-2023-47804)
An attacker can craft an OBD containing a ‘database/script’ file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. (CVE-2023-1183)
In Apache OpenOffice and LibreOffice embedded content will be opened automatically without that a warning is shown. (CVE-2012-5639)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(187658);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");
script_cve_id(
"CVE-2012-5639",
"CVE-2022-43680",
"CVE-2023-1183",
"CVE-2023-47804"
);
script_xref(name:"IAVA", value:"2024-A-0001");
script_name(english:"Apache OpenOffice < 4.1.15 Multiple Vulnerabilities (macOS)");
script_set_attribute(attribute:"synopsis", value:
"The remote Mac OSX host has an application installed that is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Apache OpenOffice installed on the remote host is a
version prior to 4.1.15. It is, therefore, affected by multiple vulnerabilities as
stated in the vendor advisories and release notes.
- Apache OpenOffice documents can contain links that call internal macros with arbitrary
arguments. Several URI Schemes are defined for this purpose. Links can be activated by
clicks, or by automatic document events. The execution of such links must be subject
to user approval. In the affected versions of Apache OpenOffice, approval for certain
links is not requested; when activated, such links could therefore result in arbitrary
script execution. This is a corner case of 2022-47502. (CVE-2023-47804)
- An attacker can craft an OBD containing a 'database/script' file with a SCRIPT command
where the contents of the file could be written to a new file whose location was determined
by the attacker. (CVE-2023-1183)
- In Apache OpenOffice and LibreOffice embedded content will be opened automatically without
that a warning is shown. (CVE-2012-5639)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://www.openoffice.org/security/cves/CVE-2022-38745.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f8e60620");
# https://www.openoffice.org/security/cves/CVE-2022-47502.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f8552ad5");
# https://www.openoffice.org/security/cves/CVE-2022-40674.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?18ed09c1");
# https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.14+Release+Notes
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?86f9bcc9");
script_set_attribute(attribute:"solution", value:
"Upgrade to Apache OpenOffice version 4.1.15 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5639");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-47804");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/03/24");
script_set_attribute(attribute:"patch_publication_date", value:"2023/12/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/05");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:openoffice");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macos_openoffice_installed.nbin");
script_require_keys("installed_sw/OpenOffice");
exit(0);
}
include('vcf_extras.inc');
var app_info = vcf::get_app_info(app:'OpenOffice');
var constraints = [{'fixed_version': '4.1.15'}];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
Vendor | Product | Version | CPE |
---|---|---|---|
apache | openoffice | cpe:/a:apache:openoffice |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5639
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1183
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47804
www.nessus.org/u?18ed09c1
www.nessus.org/u?86f9bcc9
www.nessus.org/u?f8552ad5
www.nessus.org/u?f8e60620