oss-sec mailing list archives

Re: CVE-2012-5639: Apache OpenOffice: Loading internal / external resources without warning

From: Timo Warns <timo.warns () gmail com>
Date: Wed, 3 Jan 2024 21:36:48 +0100

For what it's worth: The original thread on this CVE is available at
https://www.openwall.com/lists/oss-security/2012/12/13/10

Regards, Timo

Am Mi., 3. Jan. 2024 um 12:02 Uhr schrieb Arrigo Marchiori <
ardovm () apache org>:

*** This announcement is a correction to the one sent on 28 December 2023.
*** The "Affected versions" information was wrong.

Severity: Moderate

Affected versions:

- Apache OpenOffice through 4.1.14

Description:

In Apache OpenOffice and LibreOffice embedded content will be opened
automatically without that a warning is shown.

Credit:

The Apache OpenOffice Security Team would like to thank Timo Warns and
Joachim Mammele for discovering and reporting this attack vector.

References:
https://openoffice.apache.org/
https://www.cve.org/CVERecord?id=CVE-2012-5639
--
Arrigo

Current thread:

CVE-2012-5639: Apache OpenOffice: Loading internal / external resources without warning Arrigo Marchiori (Jan 03)
- Re: CVE-2012-5639: Apache OpenOffice: Loading internal / external resources without warning Timo Warns (Jan 03)