Common Vulnerabilities and Exposures assigned an identifier CVE-2014-3524 to the following vulnerability: Name: CVE-2014-3524 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3524 Assigned: 20140514 Reference: BUGTRAQ:20140821 CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability Reference: http://www.securityfocus.com/archive/1/archive/1/533200/100/0/threaded Reference: http://www.securityfocus.com/bid/69351 Reference: SECTRACK:1030755 Reference: http://www.securitytracker.com/id/1030755 Reference: XF:apache-openoffice-cve20143524-command-exec(95421) Reference: http://xforce.iss.net/xforce/xfdb/95421 Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.
This is a flaw in the way LibreOffice/OpenOffice works with Dynamic Data Exchange in Windows. It does not affect Linux builds. Statement: Not vulnerable. This issue does not affect the version of OpenOffice as shipped in Red Hat Enterprise Linux 5. This issue does not affect the version of LibreOffice as shipped in Red Hat Enterprise Linux 6 and 7.
Upstream commits: http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-4-2&id=1e7502f3c8b8d751dd851c3f146debf2678781ec http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-4-2&id=3d1cb5397d95bba5426ac5372bbd7644aac88409