QwikSec

Security Database

CVE

CWE

Training

CVE-2021-30245

Published: Apr 15, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to be careful opening documents from unknown and unverified sources. The mitigation in Apache OpenOffice 4.1.10 (unreleased) assures that a security warning is displayed giving the user the option of continuing to open the hyperlink.

Vendor	Product	Versions
Apache Software Foundation	Apache OpenOffice	affected `Apache OpenOffice - <= 4.1.9`

References

https://lists.apache.org/thread.html/r87ff11512e4883052991e6b725e20294224034ea8453b811fb3ee735%40%3Cusers.openoffice.apache.org%3E

x_refsource_MISC

[openoffice-dev] 20210415 CVE-2021-30245: Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks

mailing-list

x_refsource_MLIST

[openoffice-dev] 20210415 Re: CVE-2021-30245: Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks

mailing-list

x_refsource_MLIST

[openoffice-users] 20210415 CVE-2021-30245: Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks

mailing-list

x_refsource_MLIST

[openoffice-users] 20210415 Re: CVE-2021-30245: Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks

mailing-list

x_refsource_MLIST

[announce] 20210415 CVE-2021-30245: Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.