What is CVE-2014-3524?

CVE-2014-3524 is a vulnerability in Apache Openoffice, classified under Command Injection. Published 2014-08-26.

Is CVE-2014-3524 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Apache Openoffice

CVE-2014-3524

Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.107 (93.5th percentile) — read the EPSS interpretation.

Affected products

Apache Openoffice
Libreoffice
N/a — versions n/a

Weakness classification (CWE)

CWE-77 — Command Injection

Public proof-of-concept exploits

References

69351 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID, Broken Link)
60235 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
20140821 CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability (mailing-list, x_refsource_BUGTRAQ, Third Party Advisory, VDB Entry, Broken Link)
apache-openoffice-cve20143524-command-exec(95421) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
1030755 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK, Broken Link)
59877 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
GLSA-201603-05 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
59600 (x_refsource_SECUNIA, Broken Link, third-party-advisory)

Frequently asked questions

What is CVE-2014-3524?: CVE-2014-3524 is a vulnerability in Apache Openoffice, classified under Command Injection. Published 2014-08-26.
Is CVE-2014-3524 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.