CVE-2012-0037
moderate-risk
Published 2012-06-17
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Do I need to act?
0.90% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 6.5/10 · Medium · NETWORK / LOW complexity
Affected Products (19)
Raptor
Affected Vendors
References (62)
Release Notes: http://librdf.org/raptor/RELEASE.html#rel2_0_7
Third Party Advisory: http://rhn.redhat.com/errata/RHSA-2012-0410.html
Third Party Advisory: http://rhn.redhat.com/errata/RHSA-2012-0411.html
Broken Link: http://secunia.com/advisories/48479
Broken Link: http://secunia.com/advisories/48493
Broken Link: http://secunia.com/advisories/48494
Broken Link: http://secunia.com/advisories/48526
Broken Link: http://secunia.com/advisories/48529
Broken Link: http://secunia.com/advisories/48542
Broken Link: http://secunia.com/advisories/48649
Broken Link: http://secunia.com/advisories/50692
Broken Link: http://secunia.com/advisories/60799
Third Party Advisory: http://security.gentoo.org/glsa/glsa-201209-05.xml
Third Party Advisory: http://www.debian.org/security/2012/dsa-2438
Third Party Advisory: http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
Vendor Advisory: http://www.libreoffice.org/advisories/CVE-2012-0037/
and 42 more references
46 / 100 · moderate-risk
Severity: 24/34 · High
Exploitability: 3/34 · Minimal
Exposure: 19/34 · Moderate