Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-4551

Опубликовано: 04 нояб. 2015
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.

It was discovered that LibreOffice did not properly restrict automatic link updates. By tricking a victim into opening specially crafted documents, an attacker could possibly use this flaw to disclose contents of files accessible by the victim.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5openoffice.orgWill not fix
Red Hat Enterprise Linux 6libreofficeFixedRHSA-2015:261914.12.2015
Red Hat Enterprise Linux 7libreofficeFixedRHSA-2015:261914.12.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1278812libreoffice: Arbitrary file disclosure in Calc and Writer

EPSS

Процентиль: 92%
0.07995
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-4551

ubuntu
почти 10 лет назад

LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.

nvd логотип

CVE-2015-4551

nvd
почти 10 лет назад

LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.

debian логотип

CVE-2015-4551

debian
почти 10 лет назад

LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the s ...

github логотип

GHSA-fjgf-2jpq-hrjf

github
больше 3 лет назад

LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.

fstec логотип

BDU:2015-12098

CVSS3: 6.8
fstec
почти 10 лет назад

Уязвимость операционных систем Debian GNU/Linux, Ubuntu, пакетов офисных программ LibreOffice и Apache OpenOffice, позволяющая нарушителю получить доступ к защищаемой информации

EPSS

Процентиль: 92%
0.07995
Низкий

4.3 Medium

CVSS2

Уязвимость CVE-2015-4551