CVE-2017-3157

Published: Nov 20, 2017

Modified: Sep 16, 2024

PUBLISHED

Description

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back.

Vendor: Apache Software Foundation

Product: Apache OpenOffice

Versions (affected): 4.0.0 to 4.1.3, and some previous releases, including some using our old OpenOffice.org brand

References

RHSA-2017:0914 (vendor-advisory, x_refsource_REDHAT)
DSA-3792 (vendor-advisory, x_refsource_DEBIAN)
1037893 (vdb-entry, x_refsource_SECTRACK)
96402 (vdb-entry, x_refsource_BID)
RHSA-2017:0979 (vendor-advisory, x_refsource_REDHAT)
