| <!DOCTYPE html> |
| <html> |
| <head> |
| <title>CVE-2016-6803</title> |
| <style type="text/css"></style> |
| </head> |
| |
| <body> |
| <!-- These were previously defined as XHTML pages. The current wrapping |
| for the site introduces HTML5 headers and formats. This version is |
| modified to match the wrapping that is done as part of publishing |
| this page and not rely on any particular styling beyond <p>. |
| --> |
| |
| <p> |
| <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6803"> |
| CVE-2016-6803</a> |
| </p> |
| |
| <p> |
| <a href="https://www.openoffice.org/security/cves/CVE-2016-6803.html"> |
| Apache OpenOffice Advisory</a> |
| </p> |
| |
| <p> |
| <strong>Windows Installer Can Enable Privileged Trojan Execution |
| </strong> |
| </p> |
| |
| <p> |
| <strong>Version 1.0</strong> |
| </p> |
| |
| <p> |
| Announced October 11, 2016 |
| </p> |
| |
| <p> |
| <strong>Description</strong> |
| </p> |
| |
| <p> |
| The Apache OpenOffice installer for Windows contained a defective |
| operation that could trigger execution of unwanted software |
| installed by a Trojan Horse application. The installer defect |
| is known as an "unquoted Windows search path vulnerability." |
| </p> |
| <p> |
| In the case of Apache OpenOffice installers for Windows, the PC |
| must have previously been infected by a Trojan Horse application |
| (or user) running with administrative privilege. Any installer |
| with the unquoted search path vulnerability becomes a delayed |
| trigger for the exploit. The exploit may already have operated |
| on the user's PC. |
| </p> |
| |
| <p> |
| <strong>Severity: Medium</strong> |
| </p> |
| |
| <p>There are no known exploits of this vulnerability.<br /> |
| A proof-of-concept demonstration exists. |
| </p> |
| |
| <p> |
| <strong>Vendor: The Apache Software Foundation</strong> |
| </p> |
| |
| <p> |
| <strong>Versions Affected</strong> |
| </p> |
| |
| <p> |
| All Apache OpenOffice versions 4.1.2 and older are affected.<br /> |
| OpenOffice.org versions are also affected. |
| </p> |
| |
| <p> |
| <strong>Mitigation</strong> |
| </p> |
| |
| <p> |
| Install Apache OpenOffice 4.1.3 for the latest maintenance and |
| cumulative security fixes. Use the Apache OpenOffice |
| <a href="https://www.openoffice.org/download/">download page</a>. |
| <br /><br /> |
| If instead of a typical installation you use a custom-installation |
| option to change the location where Apache OpenOffice is installed, |
| use a location that has no spaces in its full-path name. |
| </p> |
| |
| <p> |
| <strong>Defenses and Work-Arounds</strong> |
| </p> |
| |
| <p> |
| If you are unable to update to 4.1.3, there are other precautions |
| that can be taken. These precautions are also recommended as |
| protection against other software that may have the vulnerability. |
| <br /><br /> |
| Ensure that there are no programs installed at the top-level folder |
| (usually C:\) where Windows is installed. All are dangerous, |
| especially ones named "Program", whether "Program.exe" or some |
| other variation. |
| <br /><br /> |
| If such programs are found, install or update to current |
| anti-virus/anti-malware software. Perform a complete system scan. |
| The scan may provide for removal of programs where there should |
| not be any. If that does not happen, it is necessary to remove |
| any Program.exe and others manually using administrator privilege. |
| </p> |
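<p>
The following Python is an added illustration, not part of the advisory and not Apache OpenOffice code. It shows how Windows resolves an unquoted path containing spaces (why a top-level "Program.exe" is reached first) and automates the check recommended above; the install path it uses is an assumed example, not a value from this page.
</p>

```python
"""Audit helper for the unquoted-search-path defect described above.

All paths below are constructed examples, not values from the advisory.
"""
import os
from typing import Callable, List


def unquoted_path_candidates(command: str) -> List[str]:
    """Return the executables Windows would try, in order, for COMMAND.

    For an unquoted path containing spaces, CreateProcess tries every
    prefix that ends just before a space (with ".exe" appended) before
    the full path, so "C:\\Program Files\\X 1\\app.exe" is preceded by
    "C:\\Program.exe" and "C:\\Program Files\\X.exe".  A quoted path has
    exactly one interpretation.
    """
    command = command.strip()
    if command.startswith('"'):
        return [command.split('"')[1]]
    parts = command.split(" ")
    candidates = [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]
    candidates.append(command)
    return candidates


def find_shadowing_files(command: str,
                         exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """Return any existing file that would be run instead of the intended one.

    EXISTS is injectable so the check can be run over a recorded file
    list on a non-Windows host (and so a test can supply a fake one).
    """
    *shadows, _intended = unquoted_path_candidates(command)
    return [path for path in shadows if exists(path)]


def quote_command(command: str) -> str:
    """Hardened form: wrap the full path in double quotes, which is the
    fix an installer or service definition needs."""
    command = command.strip()
    if command.startswith('"'):
        return command
    return f'"{command}"'


if __name__ == "__main__":
    # Constructed example path; the real install location varies.
    sample = r"C:\Program Files\OpenOffice 4\program\soffice.exe"
    for candidate in unquoted_path_candidates(sample):
        print(candidate)
    print("hardened:", quote_command(sample))
```

An empty result from find_shadowing_files for every installed service or uninstall entry is the condition the "Defenses and Work-Arounds" check above is looking for.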
| |
| <p> |
| <strong>Further Information</strong> |
| </p> |
| |
| <p> |
| For additional information and assistance, consult the |
| <a href="https://forum.openoffice.org/">Apache OpenOffice |
| Community Forums</a>, or make requests to the |
| <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a> |
| public mailing list. Defects not involving suspected security |
| vulnerabilities can be reported with a normal issue via |
| <a href="https://www.openoffice.org/qa/issue_handling/pre_submission.html">Bugzilla</a>. |
| </p> |
| |
| <p> |
| The latest information on Apache OpenOffice security bulletins can |
| be found at the |
| <a href="https://www.openoffice.org/security/bulletin.html"> |
| Bulletin Archive page</a>. |
| </p> |
| |
| <p> |
| <strong>Credits</strong> |
| </p> |
| |
| <p> |
| The Apache OpenOffice project acknowledges the reporting and |
| analysis for CVE-2016-6803 by Cyril Vallicari. |
| </p> |
| |
| |
| </body> |
| </html> |