‫ Apache OpenOffice Information Disclosure and Command Injection Vulnerabilities

ID: IRCAD2014083480

Release Date: 2014-08-25

Criticality level: Highly critical

Two vulnerabilities have been reported in Apache OpenOffice, which can be exploited by malicious people to disclose potentially sensitive information and compromise a user's system.

1) An error when loading Calc spreadsheets can be exploited to inject arbitrary commands.

2) An error when generating OLE previews can be exploited to embed arbitrary file data into a document.

The vulnerabilities are reported in versions 4.1.0 and prior running on Windows.

Update to version 4.1.1.

Apache OpenOffice: