[Forgot Password]
Login  Register Subscribe

24436

 
 

131815

 
 

115190

 
 

909

 
 

90025

 
 

140

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2017-3157Date: (C)2017-11-29   (M)2018-09-27


By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.5CVSS Score : 4.3
Exploit Score: 1.8Exploit Score: 8.6
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: HIGHAvailability: NONE
Integrity: NONE 
Availability: NONE 
  
Reference:
SECTRACK-1037893
BID-96402
DSA-3792
RHSA-2017:0914
RHSA-2017:0979
https://www.openoffice.org/security/cves/CVE-2017-3157.html

CPE    2
cpe:/o:debian:debian_linux:9.0
cpe:/o:debian:debian_linux:8.0
CWE    1
CWE-200
OVAL    14
oval:org.secpod.oval:def:1502146
oval:org.secpod.oval:def:1501838
oval:org.secpod.oval:def:40422
oval:org.secpod.oval:def:703487
...

© SecPod Technologies