Bug 1138882 (CVE-2014-3575) - CVE-2014-3575 openoffice: Arbitrary file disclosure via crafted OLE objects
Summary: CVE-2014-3575 openoffice: Arbitrary file disclosure via crafted OLE objects
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-3575
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1139592 1164736
Blocks: 1121513 1138878
TreeView+ depends on / blocked
 
Reported: 2014-09-05 22:31 UTC by Vincent Danen
Modified: 2021-02-17 06:15 UTC (History)
7 users (show)

Fixed In Version: openoffice.org 4.1.1
Doc Type: Bug Fix
Doc Text:
A flaw was found in the OLE (Object Linking and Embedding) generation in LibreOffice. An attacker could use this flaw to embed malicious OLE code in a LibreOffice document, allowing for arbitrary code execution.
Clone Of:
Environment:
Last Closed: 2015-07-10 03:13:40 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0377 0 normal SHIPPED_LIVE Moderate: libreoffice security, bug fix, and enhancement update 2015-03-05 13:48:57 UTC

Description Vincent Danen 2014-09-05 22:31:38 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-3575 to
the following vulnerability:

Name: CVE-2014-3575
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3575
Assigned: 20140514
Reference: BUGTRAQ:20140821 CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects
Reference: http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html
Reference: SECTRACK:1030754
Reference: http://www.securitytracker.com/id/1030754
Reference: XF:apache-openoffice-cve20143575-info-disc(95420)
Reference: http://xforce.iss.net/xforce/xfdb/95420

The OLE preview generation in Apache OpenOffice before 4.1.1 and
OpenOffice.org (OOo) might allow remote attackers to embed arbitrary
data into documents via crafted OLE objects.

Comment 3 Huzaifa S. Sidhpurwala 2014-09-09 09:40:00 UTC
Created libreoffice tracking bugs for this issue:

Affects: fedora-all [bug 1139592]

Comment 6 Huzaifa S. Sidhpurwala 2014-11-26 07:08:13 UTC
As per the upstream advisory:

The vulnerability allows an attacker to send a document which when opened will trigger the prompt to "Update Links" but if the user cancels that prompt may still generate and insert into the document an OLE2 preview image of a file on the victims filesystem, Data exposure is possible if the updated document is then distributed to other parties.

Reference:

http://www.libreoffice.org/about-us/security/advisories/cve-2014-3575/

Comment 7 Huzaifa S. Sidhpurwala 2014-11-27 05:06:42 UTC
Mitigation:

- Whenever possible, exercise caution when opening documents sent by unknown/untrusted parties.

- If "Update Links" dialog is seen, when opening a document, do not send this document to others, since it may be possible that local files got attached to the document. (The exploit only works when the document is sent over to the attacker after opening it on your system using LibreOffice/OpenOffice)

Comment 8 Huzaifa S. Sidhpurwala 2014-11-27 05:12:14 UTC
Statement:

This issue affects the version of OpenOffice.org as shipped in Red Hat Enterprise Linux 5, and the version of LibreOffice as shipped in Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this issue as having Moderate security impact and is not planned to be addressed in any future updates.

Comment 9 errata-xmlrpc 2015-03-05 08:51:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:0377 https://rhn.redhat.com/errata/RHSA-2015-0377.html


Note You need to log in before you can comment on or make changes to this bug.