CVE-2012-0037
MEDIUM severity · CVSS 6.5 · XML external entity (XXE)
6.5CVSS MEDIUM
Summary
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionRequired
Confidentiality impactHigh
Integrity impactNone
Availability impactNone
Exploit probability (EPSS)14%
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected products we track (2)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://secunia.com/advisories/48479Advisory
- http://secunia.com/advisories/48493Advisory
- http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/
- http://librdf.org/raptor/RELEASE.html#rel2_0_7
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html
- http://rhn.redhat.com/errata/RHSA-2012-0410.htmlAdvisory
- http://rhn.redhat.com/errata/RHSA-2012-0411.htmlAdvisory