CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2014-3575 – openoffice: Arbitrary file disclosure via crafted OLE objects
https://notcve.org/view.php?id=CVE-2014-3575
The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects. La generación de previsualizaciones OLE en Apache OpenOffice anterior a 4.1.1 y OpenOffice.org (OOo) podría permitir a atacantes remotos embeber datos arbitrarios en documentos a través de objetos OLE manipulados. A flaw was found in the OLE (Object Linking and Embedding) generation in LibreOffice. An attacker could use this flaw to embed malicious OLE code in a LibreOffice document, allowing for arbitrary code execution. • http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html http://rhn.redhat.com/errata/RHSA-2015-0377.html http://secunia.com/advisories/59600 http://secunia.com/advisories/59877 http://www.openoffice.org/security/cves/CVE-2014-3575.html http://www.securityfocus.com/bid/69354 http://www.securitytracker.com/id/103075 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3524
https://notcve.org/view.php?id=CVE-2014-3524
Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. Apache OpenOffice anterior a 4.1.1 permite a atacantes remotos ejecutar comandos arbitrarios y posiblemente tener otro impacto no especificado a través de una hoja de cálculo Calc manipulada. • http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced http://secunia.com/advisories/59600 http://secunia.com/advisories/59877 http://secunia.com/advisories/60235 http://www.openoffice.org/security/cves/CVE-2014-3524.html http://www.securityfocus.com/archive/1/533200/100/0/threaded http://www.securityfocus.com/bid/69351 http://www.securitytracker.com/id/1030755 https://exchange.xforce.ibmcloud.com/vulnerabilities/95421 https://security.gentoo.org/glsa/2016 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •