CVE-2023-47804 – Apache OpenOffice: Macro URL arbitrary script execution
https://notcve.org/view.php?id=CVE-2023-47804
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. This is a corner case of CVE-2022-47502. Los documentos de Apache OpenOffice pueden contener enlaces que llaman a macros internas con argumentos arbitrarios. Para este fin se definen varios esquemas de URI. Los enlaces se pueden activar mediante clics o mediante eventos automáticos del documento. • http://www.openwall.com/lists/oss-security/2024/01/03/3 https://lists.apache.org/thread/ygp59swfcy6g46jf8v9s6qpwmxn8fsvb https://www.openoffice.org/security/cves/CVE-2023-47804.html • CWE-20: Improper Input Validation CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVE-2022-47502 – Apache OpenOffice: Macro URL arbitrary script execution
https://notcve.org/view.php?id=CVE-2022-47502
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. • http://www.openwall.com/lists/oss-security/2023/12/28/3 http://www.openwall.com/lists/oss-security/2024/01/03/3 https://lists.apache.org/thread/xr6tl91jj2jgcq8pdbrc4d8w13s6xn80 https://www.openoffice.org/security/cves/CVE-2022-47502.html • CWE-20: Improper Input Validation CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVE-2022-38745 – Apache OpenOffice: Empty entry in Java class path
https://notcve.org/view.php?id=CVE-2022-38745
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory. A flaw was found in LibreOffice. When an empty Java class path entry is configured, LibreOffice will search for Java classes in the current working directory, allowing malicious Java classes to load when opening a document using the file manager, resulting in arbitrary code execution. • https://lists.apache.org/thread/q3noq7m681kvtb29m28x74q8cnwnzzo0 https://www.openoffice.org/security/cves/CVE-2022-38745.html https://access.redhat.com/security/cve/CVE-2022-38745 https://bugzilla.redhat.com/show_bug.cgi?id=2182044 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-427: Uncontrolled Search Path Element CWE-1188: Initialization of a Resource with an Insecure Default •
CVE-2022-37401 – Apache OpenOffice Weak Master Keys
https://notcve.org/view.php?id=CVE-2022-37401
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulnerable to a brute force attack if an attacker has access to the users stored config. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26307 - LibreOffice Apache OpenOffice admite el almacenamiento de contraseñas para conexiones web en la base de datos de configuración del usuario. • http://www.openwall.com/lists/oss-security/2022/08/13/2 https://www.openoffice.org/security/cves/CVE-2022-37401.html • CWE-331: Insufficient Entropy •
CVE-2022-37400 – Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password
https://notcve.org/view.php?id=CVE-2022-37400
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26306 - LibreOffice Apache OpenOffice admite el almacenamiento de contraseñas para conexiones web en la base de datos de configuración del usuario. • http://www.openwall.com/lists/oss-security/2022/08/13/1 https://www.openoffice.org/security/cves/CVE-2022-37400.html • CWE-330: Use of Insufficiently Random Values •