CVE-2012-4233
openoffice.org - remote
EPSS 2.5%
Description
LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.dll, (2) ODG (Drawing document) file to svxcorelo.dll, (3) PolyPolygon record in a .wmf (Window Meta File) file embedded in a ppt (PowerPoint) file to tllo.dll, or (4) xls (Excel) file to scfiltlo.dll.
How to fix CVE-2012-4233
To remediate CVE-2012-4233, upgrade the affected package to a fixed version below.
- Debian/libreoffice—upgrade to 1:3.5.4+dfsg-3 or later
- —upgrade to 1:3.2.1-11+squeeze8 or later
Is CVE-2012-4233 being exploited?
Low — EPSS is 2.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1:3.5.4+dfsg-3
- from 0, < 1:3.2.1-11+squeeze8