CVE-2012-0037

Name of the Vulnerable Software and Affected Versions Redland Raptor (aka libraptor) versions prior to 2.0.7 LibreOffice versions prior to 3.4.6 and 3.5.x prior to 3.5.1 OpenOffice versions 3.3 and 3.4 Beta

Description The issue allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document. This can lead to the disclosure of confidential information. The exploitation of this issue requires active actions from the user.

Recommendations For Redland Raptor (aka libraptor) versions prior to 2.0.7, update to version 2.0.7 or later. For LibreOffice versions prior to 3.4.6, update to version 3.4.6 or later. For LibreOffice version 3.5.x prior to 3.5.1, update to version 3.5.1 or later. For OpenOffice versions 3.3 and 3.4 Beta, consider updating to a newer version that is not affected by this issue, as specific fixes for these versions may not be available. As a temporary workaround, consider restricting the use of RDF documents and XML external entity declarations until a patch is available.