LibreOffice, OpenOffice Security Vulnerabilities

OpenOffice: User-assisted execution of arbitrary code

Background Apache OpenOffice is an open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more. Description An exploitable out-of-bounds vulnerability exists in OpenOffice Impress when handling MetaActions. Impact A remote attacker could...

CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user...

Apache OpenOffice Text Document Malicious Macro Execution Exploit

This Metasploit module generates an Apache OpenOffice Text Document with a malicious macro in it. To exploit successfully, the targeted user must adjust the security level in Macro Security to either Medium or Low. If set to Medium, a prompt is presented to the user to enable or disable the macro.....

Apache OpenOffice Text Document Malicious Macro Execution

...

Apache OpenOffice Text Document Malicious Macro Execution

This module generates an Apache OpenOffice Text Document with a malicious macro in it. To exploit successfully, the targeted user must adjust the security level in Macro Security to either Medium or Low. If set to Medium, a prompt is presented to the user to enable or disable the macro. If set to.....

openoffice.us.com IFRAME Injection vulnerability

Vulnerable URL: http://www.openoffice.us.com/openoffice/offsite.php?dest=https://www.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 19.12.2016 Latest check for patch:| 19.12.2016 16:32 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed...

Apache OpenOffice 1.0 Windows Installer Trojan Execution Vulnerability

The Apache OpenOffice installer for Windows contained a defective operation that could trigger execution of unwanted software installed by a Trojan Horse application. The installer defect is known as an unquoted Windows search path vulnerability. In the case of Apache OpenOffice installers for...

CentOS 7 : libcmis / libpagemaker / libreoffice / mdds (CESA-2016:2579)

An update for libreoffice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

autocorr, libcmis, libpagemaker, libreoffice, mdds security update

CentOS Errata and Security Advisory CESA-2016:2579 LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces...

AppFusions Doxygen for Atlassian Confluence 1.3.2 - Cross-Site Scripting Vulnerability

Exploit for java platform in category web...

Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal Vulnerability

Exploit for java platform in category web...

AppFusions Doxygen for Atlassian Confluence 1.3.2 - Cross-Site Scripting

AppFusions Doxygen for Atlassian Confluence 1.3.2 - Cross-Site...

AppFusions Doxygen for Atlassian Confluence 1.3.2 - Cross-Site Scripting

...

Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal

Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory...

Atlassian Confluence AppFusions Doxygen 1.3.x Cross Site Scripting

...

Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal

...

Atlassian Confluence AppFusions Doxygen 1.3.x Information Disclosure

...

Atlassian Confluence AppFusions Doxygen 1.3.0 Path Traversal

...

Oracle Linux 7 : libreoffice (ELSA-2016-2579)

From Red Hat Security Advisory 2016:2579 : An update for libreoffice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

GLSA-201611-03 : LibreOffice, OpenOffice: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201611-03 (LibreOffice, OpenOffice: Multiple vulnerabilities) Multiple vulnerabilities have been found in both LibreOffice and OpenOffice. Please review the referenced CVE’s for specific information regarding...

RHEL 7 : libreoffice (RHSA-2016:2579)

An update for libreoffice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

LibreOffice, OpenOffice: Multiple vulnerabilities

Background LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. Apache OpenOffice is the leading open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more. .....

(RHSA-2016:2579) Moderate: libreoffice security, bug fix, and enhancement update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

Apache OpenOffice 4.1.2 Privilege Escalation Vulnerability

Exploit for multiple platform in category local...

Apache OpenOffice < 4.1.3 Multiple Vulnerabilities

The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.3. It is, therefore, affected by the following vulnerabilities : A memory corruption issue exists in the Impress tool due to improper validation of user-supplied input when handling elements in...

FreeBSD : openoffice -- information disclosure vulnerability (ab947396-9018-11e6-a590-14dae9d210b8)

Apache reports : The exposure exploits the way OLE previews are generated to embed arbitrary file data into a specially crafted document when it is opened. Data exposure is possible if the updated document is distributed to other...

CVE-2016-6803

An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted.....

Apache OpenOffice -- multiple vulnerabilities

The Apache Openofffice project reports: CVE-2017-3157: Arbitrary file disclosure in Calc and Writer By exploiting the way OpenOffice renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker....

Apache OpenOffice 'Impress Tool' Denial of Service Vulnerability - Windows

Apache OpenOffice is prone to a denial of service (DoS)...

Apache OpenOffice 'Impress Tool' Denial of Service Vulnerability - Mac OS X

Apache OpenOffice is prone to a denial of service (DoS)...

Out-of-bounds

The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP...

CVE-2016-1513

The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP...

CVE-2016-1513

The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP...

CVE-2016-1513

The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP...

CVE-2016-1513

The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP...

CVE-2016-1513

The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP...

FreeBSD : Apache OpenOffice 4.1.2 -- Memory Corruption Vulnerability (Impress Presentations) (72f71e26-4f69-11e6-ac37-ac9e174be3af)

The Apache OpenOffice Project reports : An OpenDocument Presentation .ODP or Presentation Template .OTP file can contain invalid presentation elements that lead to memory corruption when the document is loaded in Apache OpenOffice Impress. The defect may cause the document to appear as corrupted...

OpenOffice Impress MetaActions Arbitrary Read Write Vulnerability

Talos Vulnerability Report TALOS-2016-0051 OpenOffice Impress MetaActions Arbitrary Read Write Vulnerability July 21, 2016 CVE Number CVE-2016-1513 Description An exploitable out-of-bounds vulnerability exists in OpenOffice when handling MetaActions. A specially crafted Open Office Impress file...

KLA10855 Memory corruption vulnerability in Apache OpenOffice

An unspecified vulnerability was found in Apache OpenOffice Impress. By exploiting this vulnerability malicious users can cause denial of service or execute arbitrary code. This vulnerability can be exploited remotely via a specially designed .ODP and .OTP files. Technical details An exploitable...

Apache OpenOffice 4.1.2 -- Memory Corruption Vulnerability (Impress Presentations)

The Apache OpenOffice Project reports: An OpenDocument Presentation .ODP or Presentation Template .OTP file can contain invalid presentation elements that lead to memory corruption when the document is loaded in Apache OpenOffice Impress. The defect may cause the document...

BugCrowd CSV Injection

...

GLSA-201603-05 : LibreOffice, OpenOffice: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201603-05 (LibreOffice, OpenOffice: Multiple vulnerabilities) Multiple vulnerabilities were found in both LibreOffice and OpenOffice that allow the remote execution of arbitrary code and potential Denial of Service. ...

Gentoo Security Advisory GLSA 201603-05

Gentoo Linux Local Security Checks GLSA...

LibreOffice, OpenOffice: Multiple vulnerabilities

Background Apache OpenOffice is the leading open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more. LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity. .....

LibreOffice and OpenOffice ODF Document PrinterSetup Integer Underflow (CVE-2015-5212)

An integer underflow vulnerability exists in LibreOffice and OpenOffice. The vulnerability is due to insufficient size checks when processing the PrinterSetup data within ODF documents. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted.....

openSUSE Security Update : LibreOffice and related libraries (openSUSE-2016-273)

This update for LibreOffice and some library dependencies (cmis-client, libetonyek, libmwaw, libodfgen, libpagemaker, libreoffice-share-linker, mdds, libwps) fixes the following issues : Changes in libreoffice : Provide l10n-pt from pt-PT boo#945047 - LO-L3: LO is duplicating master pages, ...

SUSE SLED11 Security Update : Recommended update for LibreOffice (SUSE-SU-2016:0324-1)

This update brings LibreOffice to version 5.0.4, a major version update. It brings lots of new features, bug fixes and also security fixes. Features as seen on http://www.libreoffice.org/discover/new-features/ LibreOffice 5.0 ships an impressive number of new features for its spreadsheet...

Cisco MiniUPnP Stack Smashing Protection Attack

The Internet of Things security challenge is twofold: finding bugs, and more urgent—fixing them. Cisco’s Talos security intelligence and research group found and privately disclosed a serious and trivially exploitable client-side bug in MiniUPnP that was patched in September of last year. The...

CentOS Update for autocorr-af CESA-2015:2619 centos6

Check the version of...

Oracle Linux 6 / 7 : libreoffice (ELSA-2015-2619)

From Red Hat Security Advisory 2015:2619 : Updated libreoffice packages that fixes multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base...