openoffice-commits mailing list archives

From mar...@apache.org
Subject svn commit: r1883279 - /openoffice/ooo-site/trunk/content/security/cves/CVE-2020-13958.html
Date Tue, 10 Nov 2020 23:11:16 GMT
Author: marcus
Date: Tue Nov 10 23:11:16 2020
New Revision: 1883279

URL: http://svn.apache.org/viewvc?rev=1883279&view=rev
Log:
Added bulletin for CVE-2020-13958

Added:
    openoffice/ooo-site/trunk/content/security/cves/CVE-2020-13958.html

Added: openoffice/ooo-site/trunk/content/security/cves/CVE-2020-13958.html
URL: http://svn.apache.org/viewvc/openoffice/ooo-site/trunk/content/security/cves/CVE-2020-13958.html?rev=1883279&view=auto
==============================================================================
--- openoffice/ooo-site/trunk/content/security/cves/CVE-2020-13958.html (added)
+++ openoffice/ooo-site/trunk/content/security/cves/CVE-2020-13958.html Tue Nov 10 23:11:16
2020
@@ -0,0 +1,125 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>CVE-2020-13958</title>
+    <style type="text/css"></style>
+  </head>
+
+  <body>
+    <p>
+      <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13958">
+      CVE-2020-13958
+      </a>
+    </p>
+    <p>
+      <a href="https://www.openoffice.org/security/cves/CVE-2020-13958.html">
+      Apache OpenOffice Advisory
+      </a>
+    </p>
+    <p style="text-align:center; font-size:largest">
+      <strong>
+        CVE-2020-13958 Unrestricted actions leads to arbitrary code execution in crafted
documents
+      </strong>
+    </p>
+    <p style="text-align:center; font-size:larger">
+      <strong>
+        Fixed in Apache OpenOffice 4.1.8
+      </strong>
+    </p>
+    <p>
+      <strong>
+        Description
+      </strong>
+    </p>
+    <p>
+      A vulnerability in Apache OpenOffice scripting events allows an attacker to construct
documents containing
+      hyperlinks pointing to an executable on the target users file system. These hyperlinks
can be triggered
+      unconditionally. In fixed versions no internal protocol may be called from the document
event handler and other
+      hyperlinks require a control-click.
+    </p>
+    <p>
+      <strong>
+        Severity: Low
+      </strong>
+    </p>
+    <p>
+      There are no known exploits of this vulnerability.
+      <br />
+      A proof-of-concept demonstration exists.
+    </p>
+    <p>
+      Thanks to the reporter for discovering this issue.
+    </p>
+    <p>
+      <strong>
+        Vendor: The Apache Software Foundation
+      </strong>
+    </p>
+    <p>
+      <strong>
+        Versions Affected
+      </strong>
+    </p>
+    <p>
+      All Apache OpenOffice versions 4.1.7 and older are affected.
+      <br />
+      OpenOffice.org versions may also be affected.
+    </p>
+    <p>
+      <strong>
+        Mitigation
+      </strong>
+    </p>
+    <p>
+      Install Apache OpenOffice 4.1.8 for the latest maintenance and cumulative security
fixes. Use the Apache OpenOffice
+      <a href="https://www.openoffice.org/download/">
+        download page
+      </a>.
+    </p>
+
+    <p>
+      <strong>
+        Acknowledgments
+      </strong>
+    </p>
+    <p>
+      The Apache OpenOffice Security Team would like to thank Imre Rad for discovering and
reporting this attack vector.
+    </p>
+    <p>
+      <strong>
+        Further Information
+      </strong>
+    </p>
+    <p>
+      For additional information and assistance, consult the
+      <a href="https://forum.openoffice.org/">
+        Apache OpenOffice Community Forums
+      </a>
+      or make requests to the
+      <a href="mailto:users@openoffice.apache.org">
+        users@openoffice.apache.org
+      </a>
+      public mailing list.
+    </p>
+    <p>
+      The latest information on Apache OpenOffice security bulletins can be found at the
+      <a href="https://www.openoffice.org/security/bulletin.html">
+        Bulletin Archive page
+      </a>.
+    </p>
+    <hr />
+    <p>
+      <a href="https://security.openoffice.org">
+        Security Home
+      </a>
+      -&gt;
+      <a href="https://www.openoffice.org/security/bulletin.html">
+        Bulletin
+      </a>
+      -&gt;
+      <a href="https://www.openoffice.org/security/cves/CVE-2020-13958.html">
+        CVE-2020-13958
+      </a>
+    </p>
+  </body>
+</html>
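
Review bot: "font-size:largest" in the style attribute of the centered title paragraph is not a valid CSS font-size keyword, so browsers ignore the declaration; use a defined value such as "x-large" (the "larger" on the following paragraph is valid). The first link's href passes "name=2020-13958" without the "CVE-" prefix that the link text and the advisory URLs use, so confirm it resolves to the intended record. In the title, "Unrestricted actions leads" should agree in number, and "target users file system" in the description needs an apostrophe. The standalone "Thanks to the reporter for discovering this issue." paragraph duplicates the Acknowledgments section further down, which names the reporter, and the empty style element in the head can be dropped.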


