Vulnerability CVE-2015-4551
Published: 2015-11-10

Description:
LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Libreoffice -> Libreoffice 
Debian -> Debian linux 
Canonical -> Ubuntu linux 
Apache -> Openoffice 

 References:
http://rhn.redhat.com/errata/RHSA-2015-2619.html
http://www.debian.org/security/2015/dsa-3394
http://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/
http://www.openoffice.org/security/cves/CVE-2015-4551.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/77486
http://www.securitytracker.com/id/1034085
http://www.securitytracker.com/id/1034091
http://www.ubuntu.com/usn/USN-2793-1
https://security.gentoo.org/glsa/201603-05
https://security.gentoo.org/glsa/201611-03
Copyright 2024, cxsecurity.com

 

Back to Top