CVE-2025-65117 AVEVA Process Optimization Use of Potentially Dangerous Function

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Designer User to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements...

CVE-2025-65117 AVEVA Process Optimization Use of Potentially Dangerous Function

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Designer User to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements...

Xpdf 安全漏洞

Glyph & Cog Xpdf is an open source PDF file viewer from Glyph & Cog. A security vulnerability exists in Xpdf 4.04 and earlier versions, which stems from a loop of PDF objects embedded in the file tree that can lead to infinite recursion and a stack overflow...

SUSE CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user in...

Countering Follina Attack (CVE- 2022-30190) with Trellix Network Security Platform’s Advanced Detection Features

Countering Follina Attack CVE- 2022-30190 with Trellix Network Security Platform’s Advanced Detection Features By Trellix · July 19, 2022 This blog was also written by Chintan Shah Executive summary During the end of May 2022, independent security researcher reported a vulnerability assigned...

Information Disclosure

libreoffice is vulnerable to information disclosure attacks. The vulnerability exists by exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the...

A use cve-2017-11882 and cve-2018-0802 combination of vulnerability a malicious document analysis-vulnerability warning-the black bar safety net

! Recently intercepted an extension doc word document to attack the samples, which format is actually RTF format. By analyzing the document composition the use of a cve-2017-11882 and cve-2018-0802 vulnerability, and use the embedded excel object is used to trigger the vulnerability. The release ...

Microsoft Office Information Disclosure Vulnerability (CNVD-2018-08640)

Microsoft Office 2010 SP2 and others are products of Microsoft Corporation.Microsoft Office 2010 SP2 is an office software suite product.Word 2007 SP3 is a word processing software. An information disclosure vulnerability exists in Microsoft Word and Office. A remote attacker can exploit this...

Disappearing bytes: Reverse engineering the MS Office RTF parser

Microsoft Office was a prime target for attacks in 2017. As well as the large number of vulnerabilities discovered and proof-of-concept exploits published, malware authors felt it necessary to prevent detection of 'one-day' and 'old-day' exploits by antivirus software. It also became clear that...

Microsoft Office Equation ASLR Bypass

A remote code execution vulnerability exists in Microsoft Office with embedded Equation objects. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted Office file. Successful exploitation would allow an attacker to bypass the ASLR mechanism and execute...

Design/Logic Flaw

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user in...

DEBIAN-CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user in...

CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user in...

CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user in...

CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user in...

CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user in...

FreeBSD : Apache OpenOffice -- multiple vulnerabilities (27229c67-b8ff-11e7-9f79-ac9e174be3af)

The Apache Openofffice project reports : CVE-2017-3157: Arbitrary file disclosure in Calc and Writer By exploiting the way OpenOffice renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attack...

libreoffice: Arbitrary file disclosure in Calc and Writer

It was found that LibreOffice disclosed contents of a file specified in an embedded object's preview. An attacker could potentially use this flaw to expose details of a system running LibreOffice as an online service via a crafted document...

LibreOffice Calc And Writer File Disclosure Vulnerability - Windows

LibreOffice is prone to arbitrary file disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Debian DSA-3792-1 : libreoffice - security update

Ben Hayak discovered that objects embedded in Writer and Calc documents may result in information disclosure. Please see https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157 /for additional information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text an...