CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
85.9%
It was discovered during routine code review that LibreOffice unconditionally executed certain VBA macros on loading Microsoft Office documents, contrary to user expectations (CVE-2014-0247). A vulnerability in LibreOffice allows an attacker to send a document which when opened will trigger the prompt to “Update Links” but if the user cancels that prompt may still generate and insert into the document an OLE2 preview image of a file on the victims filesystem, Data exposure is possible if the updated document is then distributed to other parties (CVE-2014-3575). LibreOffice has been updated to version 4.1.6.2 and patched to fix the CVE-2014-0247 and CVE-2014-3575 issues as well as to fix other bugs.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | libreoffice | < 4.1.6.2-1 | libreoffice-4.1.6.2-1.mga4 |
www.libreoffice.org/about-us/security/advisories/cve-2014-0247/
www.libreoffice.org/about-us/security/advisories/cve-2014-3575/
bugs.mageia.org/show_bug.cgi?id=13580
lists.fedoraproject.org/pipermail/package-announce/2014-July/135020.html
lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html