53 matches found
CVE-2019-9853
LibreOffice: CVE-2019-9853 — A URL decoding flaw in how macro URLs are processed and categorized lets an attacker craft a document that bypasses macro security settings, enabling arbitrary macro execution. Affected versions: LibreOffice 6.2 before 6.2.7 and 6.3 before 6.3.1. Remediation: update t...
CVE-2019-14422
An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:file1?path2:file2 U...
CVE-2019-14422
An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:file1?path2:file2 U...
Open redirect
An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:file1?path2:file2 U...
CVE-2019-14422
CVE-2019-14422 affects TortoiseSVN 1.12.1, where the tsvncmd: URI handler can perform a customised diff operation on Excel files via tsvncmd:command:diff?path:[file1]?path2:[file2]. For xls files, it runs diff-xls.js with wscript, opening files without macro security warnings and potentially exec...
Apache OpenOffice Text Document Malicious Macro Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/zip' require 'cgi' class MetasploitModule "Apache OpenOffice Text Document Malicious Macro Execution", 'Description' = %q This module...
Apache OpenOffice Text Document Malicious Macro Execution Exploit
This Metasploit module generates an Apache OpenOffice Text Document with a malicious macro in it. To exploit successfully, the targeted user must adjust the security level in Macro Security to either Medium or Low. If set to Medium, a prompt is presented to the user to enable or disable the macro...
Apache OpenOffice Text Document Malicious Macro Execution
This module generates an Apache OpenOffice Text Document with a malicious macro in it. To exploit successfully, the targeted user must adjust the security level in Macro Security to either Medium or Low. If set to Medium, a prompt is presented to the user to enable or disable the macro. If set to...
Scientific Linux Security Update : openoffice.org on SL5.x i386/x86_64
A flaw was found in the way OpenOffice.org enforced a macro security setting for macros, written in the Python scripting language, that were embedded in OpenOffice.org documents. If a user were tricked into opening a specially crafted OpenOffice.org document and previewed the macro directory...
Scientific Linux Security Update : openoffice.org2 on SL4.x i386/x86_64
A flaw was found in the way OpenOffice.org enforced a macro security setting for macros, written in the Python scripting language, that were embedded in OpenOffice.org documents. If a user were tricked into opening a specially crafted OpenOffice.org document and previewed the macro directory...
SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 7079)
This update of OpenOfficeorg fixes the following security issue : - Arbitrary macros written in Python can be executed by bypassing macro security permissions. CVE-2010-0395 It also provides the maintenance update to OpenOffice.org-3.2.1. Details about all upstream changes can be found at...
Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:221)
Multiple vulnerabilities was discovered and corrected in the OpenOffice.org : Integer overflow allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow CVE-2009-2949. Heap-based buffer overflow allows remote attackers to cause a denial of...
openoffice.org security update
CentOS Errata and Security Advisory CESA-2010:0459 Updated openoffice.org packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System...
RedHat Update for openoffice.org RHSA-2010:0459-01
Check for the Version of openoffice.org OpenVAS Vulnerability Test RedHat Update for openoffice.org RHSA-2010:0459-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...
Moderate: Red Hat Security Advisory: openoffice.org security update
Updated openoffice.org packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Code injection
OpenOffice.org OOo 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications VBA macro security settings, which allows remote attackers to run arbitrary macros via a crafted document...
CVE-2010-0136
CVE-2010-0136 affects OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 where VBA macro security settings are not properly enforced, enabling remote attackers to execute arbitrary macros via crafted documents. The issue stems from insufficient enforcement of VBA macro security in the ooo-build/OpenOff...
[Backports-security-announce] Security Update for openoffice.org
Rene Engelhard uploaded a new package for openoffice.org which fixed the following security problems: CVE-2010-0136 It was discovered that macro security settings were insufficiently enforced for VBA macros. CVE-2009-0217 It was discovered that the W3C XML Signature recommendation contains a...
[Backports-security-announce] Security Update for openoffice.org
Rene Engelhard uploaded a new package for openoffice.org which fixed the following security problems: CVE-2010-0136 It was discovered that macro security settings were insufficiently enforced for VBA macros. CVE-2009-0217 It was discovered that the W3C XML Signature recommendation contains a...
[SECURITY] [DSA 1995-1] New openoffice.org packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-1995-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 12, 2010 http://www.debian.org/security/faq -...