Wednesday, November 7, 2012

HTB23106: Multiple DoS vulnerabilities in LibreOffice

LibreOffice

LibreOffice Suite version 3.5.5.3 is vulnerable to Denial of Service (DoS) vulnerabilities.

Advisory ID: HTB23106
Product: LibreOffice Suite
Vendor: LibreOffice
Tested / Vulnerable Versions: 3.5.5.3 / 3.5.5.3 and probably prior
Vendor Notification / Patch / Public Disclosure dates: July 26 / October 18 / October 31, 2012
Vulnerability Type: NULL Pointer Dereference [CWE-476]
CVE Reference: CVE-2012-4233
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Solution Status: Fixed by Vendor
Risk Level: Low
Discovered and Provided: High-Tech Bridge Security Research Lab

Advisory Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in LibreOffice which could be exploited to perform denial of service (DoS) attacks.

Multiple vulnerabilities in LibreOffice:

  1. NULL pointer dereference error was found in the vcllo.dll while processing .odt files. A remote attacker can create a specially crafted .odt file, trick a user into opening that file and terminate the application.

  2. Null pointer dereference error was found in svxcorelo.dll while processing the ODG (Drawing document) files. A remote attacker can create a specially crafted ODG file, trick a user into opening that file and terminate the application.

  3. Null pointer dereference error was found in tllo.dll when handling the PolyPolygon record within embedded .wmf file in the Microsoft PowerPoint 2003 (PPT) files. A remote attacker can create a specially crafted .ppt file, trick a user into opening that file and terminate the application.

  4. Null pointer dereference error was found in scfiltlo.dll while processing the Microsoft Excel 2003 (XLS) files. A remote attacker can create a specially crafted XLS file, trick a user into opening that file and terminate the application.

Proof of Concept (PoC) examples available in original advisory. See the link below.

Attack vectors

These vulnerabilities require that user opens a specially crafted file with an affected version of LibreOffice Suite software. An attacker could use several ways to deliver malicious file to the system.

In a web-based scenario, an attacker could host a file on a website or WebDav share and trick a user into downloading and opening this file.

In an email scenario, an attacker could exploit this vulnerability by sending an email with attached malicious file.

Solution:

Upgrade to LibreOffice 3.5.7.2
More Information:
http://www.libreoffice.org/advisories/cve-2012-4233/

Source advisory: High-Tech Bridge Advisory HTB23106 - Denial of Service Vulnerability in LibreOffice. It contains all technical details and description of vulnerabilities.

Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)