Herbert Duerr
2014-08-21 13:01:32 UTC
CVE-2014-3524
OpenOffice Calc Command Injection Vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache OpenOffice 4.1.0 and older on Windows.
OpenOffice.org versions may also be affected.
Description:
The vulnerability allows command injection when loading Calc spreadsheets. Specially crafted documents can be used for command-injection attacks. Further exploits are possible but have not been verified.
Mitigation:
Apache OpenOffice users are advised to upgrade to Apache OpenOffice 4.1.1. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.
Credits:
The Apache OpenOffice security team credits Rohan Durve and James Kettle of Context Information Security as the discoverer of this flaw.
Herbert Dürr
Member of the Apache OpenOffice Security Team
OpenOffice Calc Command Injection Vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache OpenOffice 4.1.0 and older on Windows.
OpenOffice.org versions may also be affected.
Description:
The vulnerability allows command injection when loading Calc spreadsheets. Specially crafted documents can be used for command-injection attacks. Further exploits are possible but have not been verified.
Mitigation:
Apache OpenOffice users are advised to upgrade to Apache OpenOffice 4.1.1. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.
Credits:
The Apache OpenOffice security team credits Rohan Durve and James Kettle of Context Information Security as the discoverer of this flaw.
Herbert Dürr
Member of the Apache OpenOffice Security Team