National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:apache:openoffice:4.0.1
There are 14 matching records.
Vuln ID Summary CVSS Severity
CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back.

Published: November 20, 2017; 03:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-12608

A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

Published: November 20, 2017; 03:29:00 PM -05:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2017-12607

A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

Published: November 20, 2017; 02:29:00 PM -05:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2017-9806

A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

Published: November 20, 2017; 12:29:00 PM -05:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-6804

The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon.

Published: November 20, 2017; 10:29:00 AM -05:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2016-6803

An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit.

Published: November 13, 2017; 09:29:00 AM -05:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2016-1513

The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file.

Published: August 05, 2016; 10:59:00 AM -04:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2015-5214

LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.

Published: November 10, 2015; 12:59:04 PM -05:00
V2: 6.8 MEDIUM
CVE-2015-5213

Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow.

Published: November 10, 2015; 12:59:03 PM -05:00
V2: 6.8 MEDIUM
CVE-2015-5212

Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document.

Published: November 10, 2015; 12:59:02 PM -05:00
V2: 6.8 MEDIUM
CVE-2015-4551

LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.

Published: November 10, 2015; 12:59:00 PM -05:00
V2: 4.3 MEDIUM
CVE-2015-1774

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

Published: April 28, 2015; 10:59:00 AM -04:00
V2: 6.8 MEDIUM
CVE-2014-3575

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.

Published: August 26, 2014; 08:55:04 PM -04:00
V2: 4.3 MEDIUM
CVE-2014-3524

Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.

Published: August 26, 2014; 10:55:05 AM -04:00
V2: 9.3 HIGH