March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2021-34782 – Cisco DNA Center Vulnerability
October 8, 2021Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities
October 8, 2021Rewterz Threat Advisory – CVE-2021-34782 – Cisco DNA Center Vulnerability
October 8, 2021Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities
October 8, 2021
Severity
Medium
Analysis Summary
CVE-2021-40439
Apache OpenOffice is vulnerable to a denial of service, caused by a billion laughs attack. By persuading a victim to open a specially-crafted XML file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2021-28129
Apache OpenOffice installer for Windows could allow a local attacker to gain elevated privileges on the system. The DEB package installs using a userid and groupid of 500 instead of root. An attacker could exploit this vulnerability to trigger a malicious attack on files owned by that user or group if they exist.
Impact
- Denial of Services
- Privilege Escalation
Affected Vendors
- Apache
Affected Products
- Apache OpenOffice 4.1.8
- Apache OpenOffice 4.1.9
- Apache OpenOffice 4.1.10
Remediation
Upgrade to the latest version of OpenOffice, available from the Apache Web site.