Information disclosure in Apache Openoffice

CVE-2014-3575

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.

Vulnerability class: Information Disclosure

EPSS: 0.099 (93.1th percentile) — read the EPSS interpretation.

Affected products

Apache Openoffice
Libreoffice
Redhat Enterprise_linux_desktop — versions 7.0
Redhat Enterprise_linux_server — versions 7.0
Redhat Enterprise_linux_workstation — versions 7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

FEDORA-2014-10732 (x_refsource_FEDORA, vendor-advisory, Mailing List, Third Party Advisory)
69354 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID, Broken Link)
apache-openoffice-cve20143575-info-disc(95420) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
RHSA-2015:0377 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
59877 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
20140821 CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects (mailing-list, x_refsource_BUGTRAQ, Broken Link)
GLSA-201603-05 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
59600 (x_refsource_SECUNIA, Broken Link, third-party-advisory)