CVE-2014-3524

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 26-08-2014 04:55

Last modified: - 07-02-2022 05:25

Total changes: - 2

Description

Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:C/I:C/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

9.3

Base score

8.6

10.0

Exploitability score

Impact score

Verification logic

vendor=apache AND product=openoffice AND versionEndExcluding=4.1.1

vendor=libreoffice AND product=libreoffice AND versionEndExcluding=4.2.6

vendor=libreoffice AND product=libreoffice AND versionStartIncluding=4.3.0 AND versionEndExcluding=4.3.1

Reference

1030755-Broken Link, Third Party Advisory, VDB Entry
69351-Broken Link, Third Party Advisory, VDB Entry
GLSA-201603-05-Third Party Advisory
http://www.openoffice.org/security/cves/CVE-2014-3524.html
60235-Broken Link
59877-Broken Link
59600-Broken Link
http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/
apache-openoffice-cve20143524-command-exec(95421)-Third Party Advisory, VDB Entry
20140821 CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability-Broken Link, Third Party Advisory, VDB Entry

Keywords

CVE-2014-3524

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-3524

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures