| |
| <!DOCTYPE html> |
| <html> |
| <head> |
| <title>CVE-2015-4551</title> |
| <style type="text/css"></style> |
| </head> |
| |
| <body> |
| <!-- These were previously defined as XHTML pages. The current |
| wrapping for the site introduces HTML5 headers and formats. |
| This version is modified to match the wrapping that is done as part |
| of publishing this page and not rely on any particular styling |
| beyond <p>. |
| --> |
| <p> |
| <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-4551">CVE-2015-4551</a> |
| </p> |
| <p> |
| <a href="https://www.openoffice.org/security/cves/CVE-2015-4551.html">Apache OpenOffice Advisory</a> |
| </p> |
| |
| <p style="text-align:center; font-size:largest"><strong>CVE-2015-4551: |
| TARGETED DATA DISCLOSURE</strong></p> |
| |
| <p style="text-align:center; font-size:larger"><strong>Fixed in Apache OpenOffice 4.1.2</strong></p> |
| |
| |
| <p> |
| <strong>Version 1.0</strong> |
| <br /> |
| Announced November 4, 2015</p> |
| |
| <p> |
| A vulnerability in OpenOffice settings of OpenDocument Format |
| files and templates allows silent access to files that are |
| readable from an user account, over-riding the user's default |
| configuration settings. Once these files are imported into a |
| maliciously-crafted document, the data can be silently hidden |
| in the document and possibly exported to an external party |
| without being observed. |
| </p> |
| |
| <p> |
| <strong>Severity: Important</strong> |
| </p> |
| <p>There are no known exploits of this vulnerabilty.<br /> |
| A proof-of-concept demonstration exists.</p> |
| <p> |
| <strong>Vendor: The Apache Software Foundation</strong> |
| </p> |
| |
| <p> |
| <strong>Versions Affected</strong></p> |
| |
| <p>All Apache OpenOffice versions 4.1.1 and older are affected.<br /> |
| OpenOffice.org versions are also affected.</p> |
| |
| <p><strong>Related</strong>: |
| <a href="https://www.openoffice.org/security/cves/CVE-2014-3575.html">CVE-2014-3575</a> |
| and <a href="https://www.openoffice.org/security/cves/CVE-2012-0037.html">CVE-2012-0037</a></p> |
| |
| <p> |
| <strong>Mitigation</strong> |
| </p> |
| <p>Apache OpenOffice users are urged to download and install |
| Apache OpenOffice version 4.1.2 or later.</p> |
| <p> |
| Apache OpenOffice 4.1.2 mitigates this vulnerability by ignoring |
| in-document settings that over-ride default behavior when accessing |
| data beyond the document itself. The automatic default behavior |
| is changed to make such access evident to the user, who must then |
| approve the access. |
| </p> |
| <p> |
| <strong>Nature of Attack</strong> |
| </p> |
| <p> |
| This vulnerability requires an exquisitely crafted attack to |
| locate targeted files, silently retrieve them, and then deliver |
| their data in a manner that escapes notice. Knowledge of the |
| user's system and specific configuration is generally required. |
| </p> |
| <p><strong>Precautions</strong></p> |
| <p> |
| |
| <p> |
| In addition to keeping Apache OpenOffice updated, users can reduce |
| the threat of this kind of data access from ODF |
| documents. Keep documents and sensitive materials separate from |
| common, predictable locations, including on networks. Require |
| additional access permissions for access to sensitive materials |
| even when operating under the user's normal account.</p> |
| |
| |
| <p> |
| <strong>Further Information</strong> |
| </p> |
| <p>For additional information and assistance, consult the |
| <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a> |
| or make requests to the |
| <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a> |
| public mailing list. |
| </p> |
| <p>The latest information on Apache OpenOffice security bulletins |
| can be found at the <a href="https://www.openoffice.org/security/bulletin.html">Bulletin |
| Archive page</a>.</p> |
| |
| <p><strong>Credits</strong></p> |
| <p> |
| The Apache OpenOffice security team thanks Federico "fox" Scrinzi |
| for reporting the defect and Stephan Bergmann of Red Hat for |
| analysis and a repair solution. |
| </p> |
| |
| <hr /> |
| |
| <p> |
| <a href="http://security.openoffice.org">Security Home</a> |
| -> <a href="http://security.openoffice.org/security/bulletin.html">Bulletin</a> |
| -> <a href="https://www.openoffice.org/security/cves/CVE-2015-4551.html">CVE-2015-4551</a> |
| </p> |
| </body> |
| </html> |