content/security/cves/CVE-2015-4551.html - openoffice-org - Git at Google


 <!DOCTYPE html>
 <html>
     <head>
         <title>CVE-2015-4551</title>
         <style type="text/css"></style>
     </head>

     <body>
     <!-- These were previously defined as XHTML pages.  The current
          wrapping for the site introduces HTML5 headers and formats.
          This version is modified to match the wrapping that is done as part
          of publishing this page and not rely on any particular styling
          beyond <p>.
          -->
         <p>
             <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-4551">CVE-2015-4551</a>
         </p>
         <p>
             <a href="https://www.openoffice.org/security/cves/CVE-2015-4551.html">Apache OpenOffice Advisory</a>
         </p>

         <p style="text-align:center; font-size:largest"><strong>CVE-2015-4551:
         TARGETED DATA DISCLOSURE</strong></p>

         <p style="text-align:center; font-size:larger"><strong>Fixed in Apache OpenOffice 4.1.2</strong></p>


         <p>
             <strong>Version 1.0</strong>
             <br />
             Announced November 4, 2015</p>

         <p>
         A vulnerability in OpenOffice settings of OpenDocument Format
         files and templates allows silent access to files that are
         readable from an user account, over-riding the user's default
         configuration settings.  Once these files are imported into a
         maliciously-crafted document, the data can be silently hidden
         in the document and possibly exported to an external party
         without being observed.
 </p>

         <p>
             <strong>Severity: Important</strong>
         </p>
         <p>There are no known exploits of this vulnerabilty.<br />
            A proof-of-concept demonstration exists.</p>
         <p>
             <strong>Vendor: The Apache Software Foundation</strong>
         </p>

         <p>
             <strong>Versions Affected</strong></p>

         <p>All Apache OpenOffice versions 4.1.1 and older are affected.<br />
             OpenOffice.org versions are also affected.</p>

         <p><strong>Related</strong>:
         <a href="https://www.openoffice.org/security/cves/CVE-2014-3575.html">CVE-2014-3575</a>
         and <a href="https://www.openoffice.org/security/cves/CVE-2012-0037.html">CVE-2012-0037</a></p>

         <p>
             <strong>Mitigation</strong>
         </p>
         <p>Apache OpenOffice users are urged to download and install
         Apache OpenOffice version 4.1.2 or later.</p>
         <p>
         Apache OpenOffice 4.1.2 mitigates this vulnerability by ignoring
         in-document settings that over-ride default behavior when accessing
         data beyond the document itself.  The automatic default behavior
         is changed to make such access evident to the user, who must then
         approve the access.
         </p>
         <p>
             <strong>Nature of Attack</strong>
         </p>
         <p>
         This vulnerability requires an exquisitely crafted attack to
         locate targeted files, silently retrieve them, and then deliver
         their data in a manner that escapes notice.  Knowledge of the
         user's system and specific configuration is generally required.
         </p>
         <p><strong>Precautions</strong></p>
         <p>

         <p>
         In addition to keeping Apache OpenOffice updated, users can reduce
         the threat of this kind of data access from ODF
         documents.  Keep documents and sensitive materials separate from
         common, predictable locations, including on networks.  Require
         additional access permissions for access to sensitive materials
         even when operating under the user's normal account.</p>


         <p>
             <strong>Further Information</strong>
         </p>
         <p>For additional information and assistance, consult the
            <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>
            or make requests to the
            <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a>
            public mailing list.
         </p>
         <p>The latest information on Apache OpenOffice security bulletins
         can be found at the <a href="https://www.openoffice.org/security/bulletin.html">Bulletin
         Archive page</a>.</p>

         <p><strong>Credits</strong></p>
         <p>
         The Apache OpenOffice security team thanks Federico "fox" Scrinzi
         for reporting the defect and Stephan Bergmann of Red Hat for
         analysis and a repair solution.
     </p>

         <hr />

         <p>
             <a href="http://security.openoffice.org">Security Home</a>
     -&gt; <a href="http://security.openoffice.org/security/bulletin.html">Bulletin</a>
     -&gt; <a href="https://www.openoffice.org/security/cves/CVE-2015-4551.html">CVE-2015-4551</a>
         </p>
     </body>
 </html>

	<!DOCTYPE html>
	<html>
	<head>
	<title>CVE-2015-4551</title>
	<style type="text/css"></style>
	</head>

	<body>
	<!-- These were previously defined as XHTML pages. The current
	wrapping for the site introduces HTML5 headers and formats.
	This version is modified to match the wrapping that is done as part
	of publishing this page and not rely on any particular styling
	beyond <p>.
	-->
	<p>
	<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-4551">CVE-2015-4551</a>
	</p>
	<p>
	<a href="https://www.openoffice.org/security/cves/CVE-2015-4551.html">Apache OpenOffice Advisory</a>
	</p>

	<p style="text-align:center; font-size:largest"><strong>CVE-2015-4551:
	TARGETED DATA DISCLOSURE</strong></p>

	<p style="text-align:center; font-size:larger"><strong>Fixed in Apache OpenOffice 4.1.2</strong></p>


	<p>
	<strong>Version 1.0</strong>
	<br />
	Announced November 4, 2015</p>

	<p>
	A vulnerability in OpenOffice settings of OpenDocument Format
	files and templates allows silent access to files that are
	readable from an user account, over-riding the user's default
	configuration settings. Once these files are imported into a
	maliciously-crafted document, the data can be silently hidden
	in the document and possibly exported to an external party
	without being observed.
	</p>

	<p>
	<strong>Severity: Important</strong>
	</p>
	<p>There are no known exploits of this vulnerabilty.<br />
	A proof-of-concept demonstration exists.</p>
	<p>
	<strong>Vendor: The Apache Software Foundation</strong>
	</p>

	<p>
	<strong>Versions Affected</strong></p>

	<p>All Apache OpenOffice versions 4.1.1 and older are affected.<br />
	OpenOffice.org versions are also affected.</p>

	<p><strong>Related</strong>:
	<a href="https://www.openoffice.org/security/cves/CVE-2014-3575.html">CVE-2014-3575</a>
	and <a href="https://www.openoffice.org/security/cves/CVE-2012-0037.html">CVE-2012-0037</a></p>

	<p>
	<strong>Mitigation</strong>
	</p>
	<p>Apache OpenOffice users are urged to download and install
	Apache OpenOffice version 4.1.2 or later.</p>
	<p>
	Apache OpenOffice 4.1.2 mitigates this vulnerability by ignoring
	in-document settings that over-ride default behavior when accessing
	data beyond the document itself. The automatic default behavior
	is changed to make such access evident to the user, who must then
	approve the access.
	</p>
	<p>
	<strong>Nature of Attack</strong>
	</p>
	<p>
	This vulnerability requires an exquisitely crafted attack to
	locate targeted files, silently retrieve them, and then deliver
	their data in a manner that escapes notice. Knowledge of the
	user's system and specific configuration is generally required.
	</p>
	<p><strong>Precautions</strong></p>
	<p>

	<p>
	In addition to keeping Apache OpenOffice updated, users can reduce
	the threat of this kind of data access from ODF
	documents. Keep documents and sensitive materials separate from
	common, predictable locations, including on networks. Require
	additional access permissions for access to sensitive materials
	even when operating under the user's normal account.</p>


	<p>
	<strong>Further Information</strong>
	</p>
	<p>For additional information and assistance, consult the
	<a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>
	or make requests to the
	<a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a>
	public mailing list.
	</p>
	<p>The latest information on Apache OpenOffice security bulletins
	can be found at the <a href="https://www.openoffice.org/security/bulletin.html">Bulletin
	Archive page</a>.</p>

	<p><strong>Credits</strong></p>
	<p>
	The Apache OpenOffice security team thanks Federico "fox" Scrinzi
	for reporting the defect and Stephan Bergmann of Red Hat for
	analysis and a repair solution.
	</p>

	<hr />

	<p>
	<a href="http://security.openoffice.org">Security Home</a>
	-> <a href="http://security.openoffice.org/security/bulletin.html">Bulletin</a>
	-> <a href="https://www.openoffice.org/security/cves/CVE-2015-4551.html">CVE-2015-4551</a>
	</p>
	</body>
	</html>