6.5

CVE-2012-0037

Exploit
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibrdfRaptor Version < 2.0.7
LibreofficeLibreoffice Version < 3.4.6
LibreofficeLibreoffice Version3.5.0
ApacheOpenoffice Version3.3.0
ApacheOpenoffice Version3.4.0 Updatebeta
FedoraprojectFedora Version16
FedoraprojectFedora Version17
RedhatStorage Version2.0
RedhatEnterprise Linux Eus Version6.2
DebianDebian Linux Version6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.68% 0.96
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

http://secunia.com/advisories/60799
Broken Link
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
Third Party Advisory
http://secunia.com/advisories/50692
Broken Link
http://security.gentoo.org/glsa/glsa-201209-05.xml
Third Party Advisory
http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/
Release Notes
http://librdf.org/raptor/RELEASE.html#rel2_0_7
Release Notes
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html
Mailing List
http://rhn.redhat.com/errata/RHSA-2012-0410.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0411.html
Third Party Advisory
http://secunia.com/advisories/48479
Vendor Advisory
Broken Link
http://secunia.com/advisories/48493
Vendor Advisory
Broken Link
http://secunia.com/advisories/48494
Broken Link
http://secunia.com/advisories/48526
Vendor Advisory
Broken Link
http://secunia.com/advisories/48529
Vendor Advisory
Broken Link
http://secunia.com/advisories/48542
Vendor Advisory
Broken Link
http://secunia.com/advisories/48649
Broken Link
http://vsecurity.com/resources/advisory/20120324-1/
Broken Link
http://www.debian.org/security/2012/dsa-2438
Third Party Advisory
http://www.libreoffice.org/advisories/CVE-2012-0037/
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:061
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2012:062
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2012:063
Broken Link
http://www.openoffice.org/security/cves/CVE-2012-0037.html
Patch
Mitigation
http://www.openwall.com/lists/oss-security/2012/03/27/4
Exploit
Mailing List
http://www.osvdb.org/80307
Broken Link
http://www.securityfocus.com/bid/52681
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1026837
Third Party Advisory
Broken Link
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/74235
Third Party Advisory
VDB Entry
https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0
Patch
https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E
Patch
Mailing List