Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.OPENOFFICE_231.NASL
HistoryDec 05, 2007 - 12:00 a.m.

Sun OpenOffice.org < 2.3.1 Database HSQLDB Database Document Handling Arbitrary Java Code Execution

2007-12-0500:00:00
This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
www.tenable.com
21
JSON

The remote host is running a version of Sun Microsystems OpenOffice.org that contains an arbitrary code execution vulnerability in its HSQLDB database engine. If a remote attacker can trick a user into opening a specially crafted database, this issue can be leveraged to execute arbitrary static Java code on the remote host subject to the userโ€™s privileges.

#
#  (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(29218);
  script_version("1.17");

  script_cve_id("CVE-2007-4575");
  script_bugtraq_id(26703);

  script_name(english:"Sun OpenOffice.org < 2.3.1 Database HSQLDB Database Document Handling Arbitrary Java Code Execution");
  script_summary(english:"Checks the version of Sun OpenOffice.org.");

 script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has a program that allows execution of
arbitrary code." );
 script_set_attribute(attribute:"description", value:
"The remote host is running a version of Sun Microsystems
OpenOffice.org that contains an arbitrary code execution vulnerability
in its HSQLDB database engine. If a remote attacker can trick a user
into opening a specially crafted database, this issue can be leveraged
to execute arbitrary static Java code on the remote host subject to
the user's privileges." );
 script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2007-4575.html" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to Sun Microsystems OpenOffice.org version 2.3.1 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
 script_set_attribute(attribute:"canvas_package", value:'CANVAS');
 script_cwe_id(94);
 script_set_attribute(attribute:"plugin_publication_date", value: "2007/12/05");
 script_cvs_date("Date: 2018/07/16 14:09:15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:sun:openoffice.org");
script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");

  script_dependencies("openoffice_installed.nasl");
  script_require_keys("SMB/OpenOffice/Build");

  exit(0);
}

build = get_kb_item("SMB/OpenOffice/Build");
if (build)
{
  matches = eregmatch(string:build, pattern:"([0-9]+[a-z][0-9]+)\(Build:([0-9]+)\)");
  if (!isnull(matches))
  {
    buildid = int(matches[2]);
    if (buildid > 8950 && buildid < 9238) security_hole(get_kb_item("SMB/transport"));
  }
}
VendorProductVersionCPE
sunopenoffice.orgcpe:/a:sun:openoffice.org

Related

suse 1
fedora 9
securityvulns 2
debian 1
openvas 33
nessus 35
redhat 3
cve 2
debiancve 1
seebug 2
gentoo 1
prion 2
canvas 1
veracode 1
ubuntucve 1
centos 1
ubuntu 1
suse
suse
remote code execution in OpenOffice_org
2007-12-11 13:56:46
fedora
fedora
[SECURITY] Fedora Core 6 Update: openoffice.org-2.0.4-5.5.25
2007-12-07 17:31:39
[SECURITY] Fedora 8 Update: openoffice.org-2.3.0-6.7.fc8
2007-12-07 18:22:50
[SECURITY] Fedora 7 Update: openoffice.org-2.3.0-6.5.fc7
2007-12-07 18:17:15
securityvulns
securityvulns
[SECURITY] [DSA 1419-1] New OpenOffice.org packages fix arbitrary Java code execution
2007-12-05 00:00:00
hsqldb / OpenOffice code execution
2007-12-05 00:00:00
debian
debian
[SECURITY] [DSA 1419-1] New OpenOffice.org packages fix arbitrary Java code execution
2007-12-05 15:19:43
openvas
openvas
Fedora Update for hsqldb FEDORA-2007-4171
2009-02-24 00:00:00
Debian Security Advisory DSA 1419-1 (openoffice.org, hsqldb)
2008-01-17 00:00:00
SuSE Update for OpenOffice_org SUSE-SA:2007:067
2009-01-28 00:00:00
nessus
nessus
Scientific Linux Security Update : openoffice.org2 on SL4.5 i386/x86_64
2012-08-01 00:00:00
Debian DSA-1419-1 : openoffice.org - programming error
2007-12-07 00:00:00
Fedora Core 6 : openoffice.org-2.0.4-5.5.25 (2007-762)
2007-12-11 00:00:00
redhat
redhat
(RHSA-2007:1090) Moderate: openoffice.org2 security update
2007-12-05 00:00:00
(RHSA-2007:1048) Moderate: openoffice.org, hsqldb security update
2007-12-05 00:00:00
(RHSA-2008:0158) Moderate: JBoss Enterprise Application Platform security update
2008-03-24 00:00:00
cve
cve
CVE-2007-4575
2007-12-06 02:46:00
CVE-2007-4576
2008-01-29 02:00:00
debiancve
debiancve
CVE-2007-4575
2007-12-06 02:46:00
seebug
seebug
OpenOffice HSQLDB Database Engine Unspecified Java Code Execution Vulnerability
2008-01-01 00:00:00
OpenOffice HSQLDBๆ•ฐๆฎๅบ“ๅผ•ๆ“ŽJavaไปฃ็ ๆ‰ง่กŒๆผๆดž
2007-12-13 00:00:00
gentoo
gentoo
OpenOffice.org: User-assisted arbitrary code execution
2007-12-30 00:00:00
prion
prion
Design/Logic Flaw
2007-12-06 02:46:00
Design/Logic Flaw
2008-01-29 02:00:00
canvas
canvas
Immunity Canvas: OOO_230
2007-12-06 02:46:00
veracode
veracode
Remote Code Execution (RCE)
2018-09-05 01:13:14
ubuntucve
ubuntucve
CVE-2007-4575
2007-12-06 00:00:00
centos
centos
hsqldb, openoffice.org security update
2008-01-19 00:14:54
ubuntu
ubuntu
OpenOffice.org vulnerabilities
2008-05-06 00:00:00
JSON
Related for OPENOFFICE_231.NASL
suse1fedora9securityvulns2debian1openvas33nessus35redhat3cve2debiancve1seebug2gentoo1prion2canvas1veracode1ubuntucve1centos1ubuntu1