[CVE-2020-13958] Apache OpenOffice - Unrestricted actions leads to arbitrary code execution in crafted documents

[Dave Fisher <wa...@apache.org>]

CVE-2020-13958 Unrestricted actions leads to arbitrary code execution in crafted documents

Fixed in Apache OpenOffice 4.1.8

Description

A vulnerability in Apache OpenOffice scripting events allows an attacker to construct 
documents containing hyperlinks pointing to an executable on the target users file system.
These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol 
may be called from the document event handler and other hyperlinks require a control-click.

Severity: Low

There are no known exploits of this vulnerability.
A proof-of-concept demonstration exists.

Vendor: The Apache Software Foundation

Versions Affected

Apache OpenOffice 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, and 4.1.7
OpenOffice.org versions may also be affected.

Mitigation

Install Apache OpenOffice 4.1.8 for the latest maintenance and cumulative security fixes.
Use the Apache OpenOffice download page (https://www.openoffice.org/download/).

Acknowledgments

The Apache OpenOffice Security Team would like to thank Imre Rad for discovering and
reporting this attack vector.

Further Information

For additional information and assistance, consult the Apache OpenOffice Community Forums
(https://forum.openoffice.org) or make requests to the users@openoffice.apache.org
(mailto:users@openoffice.apache.org) public mailing list.

The latest information on Apache OpenOffice security bulletins can be found at the
Bulletin Archive page (https://www.openoffice.org/security/bulletin.html).

Re: [CVE-2020-13958] Apache OpenOffice - Unrestricted actions leads to arbitrary code execution in crafted documents

[Marcus <ma...@wtnet.de>]

Am 11.11.20 um 10:06 schrieb Alain DUFOUR:
> Can I take this mail for the opportunity to make a suggestion of including
> .docx in the compatible formats in Writer. It is very often that we receive

I would like to ask you to write a new mail to dev@ with your wish. Then 
we can better inact. This mail thread is about a fixed security issues 
which is for sure not related to import/export .docx files. ;-)

Thanks for your understanding.

Marcus


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org

Re: [CVE-2020-13958] Apache OpenOffice - Unrestricted actions leads to arbitrary code execution in crafted documents

[Alain DUFOUR <al...@gmail.com>]

Hello from GB

I am sorry to disturb you with a subject which is probably not what you are 
after at the moment
Found you in the development section.
My question is worth considering and forwarding to the ad hoc development 
team.

Congratulation to the extraordinary achievement of 300 M + downloads

Can I take this mail for the opportunity to make a suggestion of including
.docx in the compatible formats in Writer. It is very often that we receive
this format from people and the conversion to .doc Microsoft 97/2000/XP
(which is the nearest format available) is not right and produce some
glitches.

It might be some work until that is possible, but it is to be considered as
a major positive point for MS users to rejoin our community.
I would be glad if you forward this request to the development team who is
in charge.

Also recommend them to carry on testing compatibility with using Windows as
I had a major freezing - making the cursor disappear and all functions
inoperative – not identified the cause and needed a full re-installation 
from scratch (very
unfortunate)

Congratulation again

Alain Dufour
A user for many years and a believer in free source

-----Message d'origine----- 
From: Dave Fisher
Sent: Wednesday, November 11, 2020 12:35 AM
To: announce@apache.org ; security@openoffice.apache.org
Cc: announce@openoffice.apache.org ; dev ; Imre Rad
Subject: [CVE-2020-13958] Apache OpenOffice - Unrestricted actions leads to 
arbitrary code execution in crafted documents

CVE-2020-13958 Unrestricted actions leads to arbitrary code execution in 
crafted documents

Fixed in Apache OpenOffice 4.1.8

Description

A vulnerability in Apache OpenOffice scripting events allows an attacker to 
construct
documents containing hyperlinks pointing to an executable on the target 
users file system.
These hyperlinks can be triggered unconditionally. In fixed versions no 
internal protocol
may be called from the document event handler and other hyperlinks require a 
control-click.

Severity: Low

There are no known exploits of this vulnerability.
A proof-of-concept demonstration exists.

Vendor: The Apache Software Foundation

Versions Affected

Apache OpenOffice 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 
4.1.6, and 4.1.7
OpenOffice.org versions may also be affected.

Mitigation

Install Apache OpenOffice 4.1.8 for the latest maintenance and cumulative 
security fixes.
Use the Apache OpenOffice download page 
(https://www.openoffice.org/download/).

Acknowledgments

The Apache OpenOffice Security Team would like to thank Imre Rad for 
discovering and
reporting this attack vector.

Further Information

For additional information and assistance, consult the Apache OpenOffice 
Community Forums
(https://forum.openoffice.org) or make requests to the 
users@openoffice.apache.org
(mailto:users@openoffice.apache.org) public mailing list.

The latest information on Apache OpenOffice security bulletins can be found 
at the
Bulletin Archive page (https://www.openoffice.org/security/bulletin.html). 


-- 
L'absence de virus dans ce courrier électronique a été vérifiée par le logiciel antivirus Avast.
https://www.avast.com/antivirus


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org