During the analysis of this issue, it was discovered that an incorrect bug fix was made by the StarOffice/ developers preparing OpenOffice 2.0 in 2005, whilst under the auspices of Sun Microsystems. When: The vulnerability predates OpenOffice entering the Apache Incubator. Best practice dictates to be careful when opening documents from unknown and unverified sources. Why: The mitigation in Apache OpenOffice 4.1.10 assures that a security warning is displayed to give users the option of continuing to open the hyperlink. How: Applications of the OpenOffice suite handle non-http(s) hyperlinks in an insecure way, allowing for 1-click code execution on Windows and Xubuntu systems via malicious executable files hosted on Internet-accessible file shares. >Credit: Fabian Bräunlein and Lukas Euler of Positive Security
> CVE-2021-30245: Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks The Apache OpenOffice Project has filed a Common Vulnerabilities and Exposures report with MITRE Corporation’s national vulnerability reporting system: What: A recently reported vulnerability states that all versions of OpenOffice through 4.1.9 can open non-http(s) hyperlinks, and could lead to untrusted code execution. Apache OpenOffice delivers up to 2.4 Million downloads each month. The OpenOffice suite is based around the OpenDocument Format (ODF), supports 41 languages, and ships for Windows, macOS, Linux 64-bit, and Linux 32-bit. Wilmington, DE, (GLOBE NEWSWIRE) - Who: Apache OpenOffice, an Open Source office-document productivity suite comprising six productivity applications: Writer, Calc, Impress, Draw, Math, and Base.
0 kommentar(er)
