| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
| <html xmlns="http://www.w3.org/1999/xhtml"> |
| <head profile="http://www.w3.org/2005/10/profile"> |
| <title>CVE-2014-3575</title> |
| <style type="text/css"></style> |
| </head> |
| |
| <body> |
| <h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3575">CVE-2014-3575</a></h2> |
| |
| <h3>OpenOffice Targeted Data Exposure Using Crafted OLE Objects</h3> |
| |
| <ul> |
| <h4>Severity: Important</h4> |
| <h4>Vendor: The Apache Software Foundation</h4> |
| <h4>Versions Affected:</h4> |
| <ul> |
| <li>Apache OpenOffice 4.1.0 and older on Windows.</li> |
| <li>OpenOffice.org versions are also affected.</li> |
| </ul> |
| |
| <h4>Description:</h4> |
| <p>The exposure exploits the way OLE previews are generated to embed arbitrary |
| file data into a specially crafted document when it is opened. Data exposure is |
| possible if the updated document is distributed to other parties. |
| |
| <h4>Mitigation</h4> |
| <p>Apache OpenOffice users are advised to <a href="http://download.openoffice.org">upgrade to Apache OpenOffice 4.1.1</a>. |
| Users who are unable to upgrade immediately should be cautious when they are asked to "Update Links" for untrusted documents. |
| |
| <h4>Credits</h4> |
| <p>The Apache OpenOffice security team credits Open-Xchange for reporting this flaw.</p> |
| |
| <hr /> |
| |
| <p><a href="http://security.openoffice.org">Security Home</a> |
| -> <a href="http://security.openoffice.org/security/bulletin.html">Bulletin</a> |
| -> <a href="http://security.openoffice.org/security/cves/CVE-2014-3575.html">CVE-2014-3575</a></p> |
| </body> |
| </html> |
| |