CVE-2014-3524
Advisory lineage Upstream: 0 Downstream: 3
Modified
Published: 26 Aug 2014, 14:00
Last modified:06 Aug 2024, 10:50
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.3 HIGH
v2.0 (nvd)
EPSS Score
10.66% MEDIUM
11% probability -1.66%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
26 Aug 2014, 14:00
Published
Vulnerability first disclosed
06 Aug 2024, 10:50
Last Modified
Vulnerability information updated
Description
Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.
CVSS Metrics
- v2.0•HIGH•Score: 9.3AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 10.66%• Percentile: 93%
Techniques & Countermeasures
- CWE-77•Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Affected Systems
- apache•openoffice
< 4.1.1
- libreoffice•libreoffice
< 4.2.6 | ≥ 4.3.0, < 4.3.1
References (10)
- http://www.securityfocus.com/bid/69351
- http://secunia.com/advisories/60235
- http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/
- http://www.securityfocus.com/archive/1/533200/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95421
- http://www.securitytracker.com/id/1030755
- http://secunia.com/advisories/59877
- http://www.openoffice.org/security/cves/CVE-2014-3524.html
- https://security.gentoo.org/glsa/201603-05
- http://secunia.com/advisories/59600