Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA11148
Multiple vulnerabilities in Apache OpenOffice

Updated: 06/03/2020
Detect date
?
 11/20/2017
Severity
?
 High
Description

Multiple serious vulnerabilities have been found in Apache OpenOffice. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensetive information.

Below is a complete list of vulnerabilities:

  1. An unspecified vulnerability in embedded object rendering process can be exploited remotely via crafted file to obtain sensetive information;
  2. An Out-of-Bounds write vulnerability in OpenOffice Writer DOC file parcer and specifically in the WW8Fonts Constructor can be exploited remotely via crafted file to cause arbitrary code potentially resulting in arbitrary code execution.
Affected products

Apache OpenOffice earlier than 4.1.4
Solution

Update to latest version
Apache OpenOffice download page
Original advisories

CVE-2017-3157: Arbitrary file disclosure in Calc and Writer
CVE-2017-9806: Out-of-Bounds Write in Writer’s WW8Fonts Constructor
Impacts
?
ACE 
[?]

OSI 
[?]

DoS 
[?]
Related products
 Apache OpenOffice
CVE-IDS
?
CVE-2017-31574.3Warning
CVE-2017-98066.8High
Find out the statistics of the vulnerabilities spreading in your region
© 2023 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy Cookies

Up