Bug 1134172 (CVE-2014-3524)

Summary: CVE-2014-3524 libreoffice/openoffice.org: CSV command injection and DDE formulas
Product: [Other] Security Response Reporter: Murray McAllister <mmcallis>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: caolanm, dtardon, erack, ltinkl, mstahl, sbergman, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-08-27 04:10:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1138878    

Description Murray McAllister 2014-08-27 04:09:43 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-3524 to
the following vulnerability:

Name: CVE-2014-3524
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3524
Assigned: 20140514
Reference: BUGTRAQ:20140821 CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability
Reference: http://www.securityfocus.com/archive/1/archive/1/533200/100/0/threaded
Reference: http://www.securityfocus.com/bid/69351
Reference: SECTRACK:1030755
Reference: http://www.securitytracker.com/id/1030755
Reference: XF:apache-openoffice-cve20143524-command-exec(95421)
Reference: http://xforce.iss.net/xforce/xfdb/95421

Apache OpenOffice before 4.1.1 allows remote attackers to execute
arbitrary commands and possibly have other unspecified impact via a
crafted Calc spreadsheet.
Comment 1 Murray McAllister 2014-08-27 04:10:20 UTC 
This is a flaw in the way LibreOffice/OpenOffice works with Dynamic Data Exchange in Windows. It does not affect Linux builds.

Statement:

Not vulnerable. This issue does not affect the version of OpenOffice as shipped in Red Hat Enterprise Linux 5. This issue does not affect the version of LibreOffice as shipped in Red Hat Enterprise Linux 6 and 7.
Comment 5 Huzaifa S. Sidhpurwala 2014-09-09 09:32:18 UTC 
Upstream commits:

http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-4-2&id=1e7502f3c8b8d751dd851c3f146debf2678781ec
http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-4-2&id=3d1cb5397d95bba5426ac5372bbd7644aac88409