ID CVE-2016-6803
Summary An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit.
Vulnerable Configurations
  • Apache Software Foundation OpenOffice 4.1.2
  • Microsoft Windows
Base: 9.3
  • Leveraging/Manipulating Configuration File Search Paths
    This attack loads a malicious resource into a program's standard path used to bootstrap and/or provide contextual information for a program like a path variable or classpath. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker. A standard UNIX path looks similar to this If the attacker modifies the path variable to point to a locale that includes malicious resources then the user unwittingly can execute commands on the attackers' behalf: This is a form of usurping control of the program and the attack can be done on the classpath, database resources, or any other resources built from compound parts. At runtime detection and blocking of this attack is nearly impossible, because the configuration allows execution.
nessus via4
NASL family Windows
description The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.3. It is, therefore, affected by the following vulnerabilities : - A memory corruption issue exists in the Impress tool due to improper validation of user-supplied input when handling elements in invalid presentations. An unauthenticated, remote attacker can exploit this, via specially crafted MetaActions in an ODP or OTP file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1513) - A privilege escalation vulnerability exists due to the use of an unquoted Windows search path. A local attacker can exploit this to execute arbitrary code with elevated privileges. (CVE-2016-6803) - A privilege escalation vulnerability exists due to the use of a fixed path to load system binaries. A local attacker can exploit this, via a specially crafted DLL file in the library path, to inject and execute arbitrary code with elevated privileges. (CVE-2016-6804)
last seen 2017-11-30
modified 2017-11-09
plugin id 94199
published 2016-10-21
reporter Tenable
title Apache OpenOffice < 4.1.3 Multiple Vulnerabilities
refmap via4
bid 94418
sectrack 1037015
Last major update 13-11-2017 - 09:29
Published 13-11-2017 - 09:29
Last modified 29-11-2017 - 12:15
Back to Top