By exploiting the way Apache OpenOffice prior to 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the malicious user to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apache openoffice |
||
debian debian linux 9.0 |
||
debian debian linux 8.0 |
||
redhat enterprise linux server aus 7.6 |
||
redhat enterprise linux server eus 7.3 |
||
redhat enterprise linux server eus 7.4 |
||
redhat enterprise linux server eus 7.5 |
||
redhat enterprise linux server eus 7.6 |
||
redhat enterprise linux server tus 7.3 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux server aus 7.3 |
||
redhat enterprise linux server tus 7.6 |
||
redhat enterprise linux desktop 6.0 |
||
redhat enterprise linux server 6.0 |
||
redhat enterprise linux workstation 6.0 |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux server aus 7.4 |
Vulmon