Page 4 of 31 results (0.012 seconds)

CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back. Mediante la explotación de la forma en la que las versiones anteriores a la 4.1.4 de Apache OpenOffice renderizan objetos embebidos, un atacante podría manipular un documento que permite leer en un archivo del sistema de archivos del usuario. El atacante podría recuperar información mediante el uso de, por ejemplo, secciones ocultas para almacenar la información, engañando al usuario para que guarde el documento y convenciéndolo para que envíe de nuevo el documento al atacante. • http://www.securityfocus.com/bid/96402 http://www.securitytracker.com/id/1037893 https://access.redhat.com/errata/RHSA-2017:0914 https://access.redhat.com/errata/RHSA-2017:0979 https://www.debian.org/security/2017/dsa-3792 https://www.openoffice.org/security/cves/CVE-2017-3157.html https://access.redhat.com/security/cve/CVE-2017-3157 https://bugzilla.redhat.com/show_bug.cgi?id=1425844 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0

An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit. Un defecto de instalador conocido como "unquoted Windows search path vulnerability" afectó a los instaladores de Apache OpenOffice en versiones anteriores a la 4.1.3. El PC debió haber sido previamente infectado por una aplicación troyana (o usuario) que se ejecute con privilegios de administrador. • http://www.securityfocus.com/bid/94418 http://www.securitytracker.com/id/1037015 https://www.openoffice.org/security/cves/CVE-2016-6803.html • CWE-426: Untrusted Search Path •

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0

The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon. El instalador de Apache OpenOffice (versiones anteriores a la 4.13, incluyendo algunas denominadas OpenOffice.org) para Windows contiene una operación defectuosa que permite la ejecución de código arbitrario con privilegios elevados. Esto requiere que la localización en la que el instalador se ejecuta haya sido previamente envenenada por un archivo que suplanta una biblioteca de vínculos dinámicos de la que depende el instalador. • http://www.securityfocus.com/bid/93774 http://www.securitytracker.com/id/1037016 https://www.openoffice.org/security/cves/CVE-2016-6804.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0

The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file. La herramienta Impress en Apache OpenOffice 4.1.2 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (lectura o escritura fuera de rango) o ejecutar código arbitrario a través de MetaActions manipuladas en un archivo (1) ODP o (2) OTP. • http://www.openoffice.org/security/cves/CVE-2016-1513.html http://www.securityfocus.com/bid/92079 http://www.securitytracker.com/id/1036443 http://www.talosintelligence.com/reports/TALOS-2016-0051 http://www.ubuntu.com/usn/USN-3046-1 https://bz.apache.org/ooo/show_bug.cgi?id=127045 https://security.gentoo.org/glsa/201703-01 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 6.8EPSS: 7%CPEs: 7EXPL: 0

Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document. Desbordamiento de entero en LibreOffice en versiones anteriores a 4.4.5 y Apache OpenOffice en versiones anteriores a 4.1.2, cuando está habilitado el ajuste de configuración 'Load printer settings with the document', permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de datos PrinterSetup manipulados en un documento ODF. An integer underflow flaw leading to a heap-based buffer overflow when parsing PrinterSetup data was discovered. By tricking a user into opening a specially crafted document, an attacker could possibly exploit this flaw to execute arbitrary code with the privileges of the user opening the file. • http://rhn.redhat.com/errata/RHSA-2015-2619.html http://www.debian.org/security/2015/dsa-3394 http://www.libreoffice.org/about-us/security/advisories/cve-2015-5212 http://www.openoffice.org/security/cves/CVE-2015-5212.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/77486 http://www.securitytracker.com/id/1034085 http://www.securitytracker.com/id/1034091 http://www.ubuntu.com/usn/USN-2793-1 https://s • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •