PT-2008-6111 · Oracle · Openoffice.Org
Christian Hoffmann
·
Publicado
2008-11-05
·
Atualizado
2017-08-08
·
CVE-2008-4937
CVSS v2.0
2.6
Baixa
| Vetor | AV:L/AC:H/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
OpenOffice.org (OOo) version 2.4.1
Description
The issue allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr temporary file. This is related to the
senddoc functionality in OpenOffice.org.Recommendations
For OpenOffice.org (OOo) version 2.4.1, consider restricting access to the
senddoc functionality until a patch is available. As a temporary workaround, avoid using the senddoc feature to minimize the risk of exploitation.Exploit
Correção
Link Following
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openoffice.Org