Apache OpenOffice Calc Command Injection Vulnerability (CVE-2014-3524)

Apache OpenOffice Calc Command Injection Vulnerability (CVE-2014-3524)

Release date:
Updated on:

Affected Systems:
OpenOffice
Unaffected system:
OpenOffice <= 4.1.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69351
CVE (CAN) ID: CVE-2014-3524
 
OpenOffice was originally Sun's commercial Office software-StarOffice. After Sun's public code, it was officially named OpenOffice development plan.
 
OpenOffice 4.1.0 and earlier versions have the command injection vulnerability when loading Calc workbooks. The constructed document can be used to exploit this vulnerability. After successful exploitation, attackers can execute arbitrary commands in the context of the affected application.
 
<* Source: Open-Xchange
James Kettle

Link: http://seclists.org/bugtraq/2014/Aug/114
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
OpenOffice
----------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
Http://www.openoffice.org/security

Install OpenOffice document conversion service on Ubuntu Server

OpenOffice.org green installation in Ubuntu and Fedora Systems

RHCE_RHEL6 64-bit OpenOffice Installation

Install OpenOffice 3.4.1 In openSUSE 12.2

OpenOffice releases a new template website

OpenOffice details: click here
OpenOffice: click here

This article permanently updates the link address: