CVE-2014-3575

Опубликовано: 27 авг. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html
Broken Link
http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html
Mailing List
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0377.html
Third Party Advisory
http://secunia.com/advisories/59600
Broken Link
http://secunia.com/advisories/59877
Broken Link
http://www.openoffice.org/security/cves/CVE-2014-3575.html
Vendor Advisory
http://www.securityfocus.com/bid/69354
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030754
Broken Link
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/95420
Third Party Advisory
VDB Entry
https://security.gentoo.org/glsa/201603-05
Third Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html
Broken Link
http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html
Mailing List
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0377.html
Third Party Advisory
http://secunia.com/advisories/59600
Broken Link
http://secunia.com/advisories/59877
Broken Link
http://www.openoffice.org/security/cves/CVE-2014-3575.html
Vendor Advisory
http://www.securityfocus.com/bid/69354
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030754
Broken Link
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*

Версия до 4.1.1 (исключая)

Конфигурация 3

Одно из

cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*

Версия до 4.2.6 (исключая)

cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*

Версия от 4.3.0 (включая) до 4.3.1 (исключая)

EPSS

Процентиль: 93%

0.09871

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2014-3575

ubuntu

около 11 лет назад

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.

CVE-2014-3575

redhat

около 11 лет назад

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.

GHSA-42x7-f4ww-xqq9

github

больше 3 лет назад

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.

ELSA-2015-0377

oracle-oval

больше 10 лет назад

ELSA-2015-0377: libreoffice security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 93%

0.09871

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200