HomeFreeBSD

Document vulnerability in editors/openoffice-4 < 4.1.8 and openoffice-devel

Description

Document vulnerability in editors/openoffice-4 < 4.1.8 and openoffice-devel

CVE-2020-13958 Unrestricted actions leads to arbitrary code execution
in crafted documents

A vulnerability in Apache OpenOffice scripting events allows an
attacker to construct documents containing hyperlinks pointing to
an executable on the target users file system. These hyperlinks can
be triggered unconditionally. In fixed versions no internal protocol
may be called from the document event handler and other hyperlinks
require a control-click.

https://www.openoffice.org/security/cves/CVE-2020-13958.html

Details

Provenance
truckmanAuthored on
Parents
rP554860: Update to 7.5
Branches
Unknown
Tags
Unknown