SB2017110901 - Debian update for libreoffice

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017110901

SB2017110901 - Debian update for libreoffice

Published: November 9, 2017

Security Bulletin ID SB2017110901
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2017-12607)

The vulnerability allows a remote attacker can execute arbitrary code on the target system.

The weakness exists due to boundary error in the PPTStyleSheet::PPTStyleSheet functionality. A remote attacker can send a specially crafted .ppt file, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

2) Out-of-bounds write (CVE-ID: CVE-2017-12608)

The vulnerability allows a remote attacker can execute arbitrary code on the target system.

The weakness exists due to boundary error in the WW8RStyle::ImportOldFormatStyles functionality. A remote attacker can send a specially crafted .doc file, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References