Description
The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.
A flaw was found in the OLE (Object Linking and Embedding) generation in LibreOffice. An attacker could use this flaw to embed malicious OLE code in a LibreOffice document, allowing for arbitrary code execution.
Statement
This issue affects the version of OpenOffice.org as shipped in Red Hat Enterprise Linux 5, and the version of LibreOffice as shipped in Red Hat Enterprise Linux 6. Red Hat Product Security has rated this issue as having Moderate security impact, and it is not planned to be addressed in any future updates.
Mitigation
- Whenever possible, exercise caution when opening documents sent by unknown or untrusted parties.
- If an "Update Links" dialog appears when opening a document, do not send this document to others, since local files may have been attached to it. (The exploit only works when the document is sent to the attacker after it has been opened on your system using LibreOffice/OpenOffice.)
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | openoffice.org | Will not fix | ||
| Red Hat Enterprise Linux 6 | libreoffice | Will not fix | ||
| Red Hat Enterprise Linux 7 | libabw | Fixed | RHSA-2015:0377 | 05.03.2015 |
| Red Hat Enterprise Linux 7 | libcmis | Fixed | RHSA-2015:0377 | 05.03.2015 |
| Red Hat Enterprise Linux 7 | libetonyek | Fixed | RHSA-2015:0377 | 05.03.2015 |
| Red Hat Enterprise Linux 7 | libfreehand | Fixed | RHSA-2015:0377 | 05.03.2015 |
| Red Hat Enterprise Linux 7 | liblangtag | Fixed | RHSA-2015:0377 | 05.03.2015 |
| Red Hat Enterprise Linux 7 | libmwaw | Fixed | RHSA-2015:0377 | 05.03.2015 |
| Red Hat Enterprise Linux 7 | libodfgen | Fixed | RHSA-2015:0377 | 05.03.2015 |
| Red Hat Enterprise Linux 7 | libreoffice | Fixed | RHSA-2015:0377 | 05.03.2015 |
Additional information
Status:
EPSS
4.3 Medium
CVSS2
Related vulnerabilities
The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.
ELSA-2015-0377: libreoffice security, bug fix, and enhancement update (MODERATE)