CVE-2020-13958

Published: 17/11/2020 Updated: 01/12/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A vulnerability in Apache OpenOffice scripting events allows a malicious user to construct documents containing hyperlinks pointing to an executable on the target user's file system. These hyperlinks can be triggered unconditionally. In fixed versions, no internal protocol may be called from the document event handler, and other hyperlinks require a control-click.

Vulnerable Product

apache openoffice

Mailing Lists

oss-sec mailing list archives: [CVE-2020-13958] Apache OpenOffice - Unrestricted actions leads to arbitrary code execution in crafted documents ...
oss-sec mailing list archives: Re: [CVE-2020-13958] Apache OpenOffice - Unrestricted actions leads to arbitrary code execution in crafted documents ...

Github Repositories

Apache OpenOffice RCE (CVE-2020-13958)

Summary

Apache OpenOffice 4 (including 417, the latest version tested) is vulnerable to remote code execution; if a victim is convinced to open a crafted odt document on Windows, attackers could gain full control over their computer.

The vulnerability

The problem is, the product does not handle script:event-listener handlers as macro ex