CVE-2020-13958
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click.
Una vulnerabilidad en los eventos de scripting de Apache OpenOffice, permite a un atacante construir documentos que contienen hipervínculos que apuntan a un ejecutable en el sistema de archivos de los usuarios objetivo. Estos hipervínculos pueden ser activados incondicionalmente. En las versiones corregidas, no puede ser llamado a ningún protocolo interno desde el controlador de eventos del documento y otros hipervínculos requieren un clic de control
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-06-08 CVE Reserved
- 2020-11-17 CVE Published
- 2023-10-10 EPSS Updated
- 2024-06-09 First Exploit
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (2)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Openoffice Search vendor "Apache" for product "Openoffice" | >= 4.0.0 < 4.1.8 Search vendor "Apache" for product "Openoffice" and version " >= 4.0.0 < 4.1.8" | - |
Affected
| ||||||