content/security/cves/CVE-2016-6803.html - openoffice-org - Git at Google

 <!DOCTYPE html>
 <html>
     <head>
         <title>CVE-2016-6803</title>
         <style type="text/css"></style>
     </head>

     <body>
     <!-- These were previously defined as XHTML pages. The current wrapping
          for the site introduces HTML5 headers and formats. This version is
          modified to match the wrapping that is done as part of publishing
          this page and not rely on any particular styling beyond <p>.
          -->

         <p>
           <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6803">
           CVE-2016-6803</a>
         </p>

         <p>
           <a href="https://www.openoffice.org/security/cves/CVE-2016-6803.html">
           Apache OpenOffice Advisory</a>
         </p>

         <p>
           <strong>Windows Installer Can Enable Privileged Trojan Execution
           </strong>
         </p>

         <p>
           <strong>Version 1.0</strong>
         </p>

         <p>
           Announced October 11, 2016
         </p>

         <p>
           <strong>Description</strong>
         </p>

         <p>
           The Apache OpenOffice installer for Winodws contained a defective
           operation that could trigger execution of unwanted software
           installed by a Trojan Horse application.  The installer defect
           is known as an "unquoted Windows search path vulnerability."
         </p>
         <p>
           In the case of Apache OpenOffice installers for Windows, the PC
           must have previously been infected by a Trojan Horse application
           (or user) running with administrative privilege.  Any installer
           with the unquoted search path vulnerability becomes a delayed
           trigger for the exploit.  The exploit may already have operated
           on the user's PC.
         </p>

         <p>
           <strong>Severity: Medium</strong>
         </p>

         <p>There are no known exploits of this vulnerabilty.<br />
           A proof-of-concept demonstration exists.
         </p>

         <p>
           <strong>Vendor: The Apache Software Foundation</strong>
         </p>

         <p>
           <strong>Versions Affected</strong>
         </p>

         <p>
           All Apache OpenOffice versions 4.1.2 and older are affected.<br />
           OpenOffice.org versions are also affected.
         </p>

         <p>
           <strong>Mitigation</strong>
         </p>

         <p>
           Install Apache OpenOffice 4.1.3 for the latest maintenance and
           cumulative security fixes.  Use the Apache OpenOffice
           <a href="https://www.openoffice.org/download/">download page</a>.
           <br /><br />
           If instead of a typical installation you use a custom-installation
           option to change the location where Apache OpenOffice is installed,
           use a location that has no spaces in its full-path name.
         </p>

         <p>
           <strong>Defenses and Work-Arounds</strong>
         </p>

         <p>
           If you are unable to update to 4.1.3, there are other precautions
           that can be taken.  These precausions are also recommended as protection against other software that may have the vulnerability.
           <br /><br />
           Ensure that there are no programs installed at the top-level folder
           (usually C:\) where Windows is installed.  All are dangerous,
           especially ones named "Program", whether "Program.exe" or some
           other variation.
           <br /><br />
           If such programs are found, install or update to current
           anti-virus/-malware software.  Perform a complete system scan.
           The scan may provide for removal of programs where there should
           not be any.  If that does not happen, it is necessary to remove
           any Program.exe and others manually using administrator privilege.
         </p>

         <p>
            <strong>Further Information</strong>
         </p>

         <p>
           For additional information and assistance, consult the
           <a href="https://forum.openoffice.org/">Apache OpenOffice
           Community Forums</a>, or make requests to the
           <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a>
           public mailing list. Defects not involving suspected security
           vulnerabilities can be reported with a normal issue via
           <a href="https://www.openoffice.org/qa/issue_handling/pre_submission.html">Bugzilla</a>.
         </p>

         <p>
           The latest information on Apache OpenOffice security bulletins can
           be found at the
           <a href="https://www.openoffice.org/security/bulletin.html">
           Bulletin Archive page</a>.
         </p>

         <p>
           <strong>Credits</strong>
         </p>

         <p>
           The Apache OpenOffice project acknowledges the reporting and
           analysis for CVE-2016-6803 by Cyril Vallicari.
         </p>

         <hr />

         <p>
           <a href="https://www.openoffice.org/security/">Security Home</a>
           -&gt; <a href="https://www.openoffice.org/security/bulletin.html">
           Bulletin</a>
           -&gt; <a href="https://www.openoffice.org/security/cves/CVE-2016-1513.html">
           CVE-2016-1513</a>
         </p>

     </body>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<title>CVE-2016-6803</title>
	<style type="text/css"></style>
	</head>

	<body>
	<!-- These were previously defined as XHTML pages. The current wrapping
	for the site introduces HTML5 headers and formats. This version is
	modified to match the wrapping that is done as part of publishing
	this page and not rely on any particular styling beyond <p>.
	-->

	<p>
	<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6803">
	CVE-2016-6803</a>
	</p>

	<p>
	<a href="https://www.openoffice.org/security/cves/CVE-2016-6803.html">
	Apache OpenOffice Advisory</a>
	</p>

	<p>
	<strong>Windows Installer Can Enable Privileged Trojan Execution
	</strong>
	</p>

	<p>
	<strong>Version 1.0</strong>
	</p>

	<p>
	Announced October 11, 2016
	</p>

	<p>
	<strong>Description</strong>
	</p>

	<p>
	The Apache OpenOffice installer for Winodws contained a defective
	operation that could trigger execution of unwanted software
	installed by a Trojan Horse application. The installer defect
	is known as an "unquoted Windows search path vulnerability."
	</p>
	<p>
	In the case of Apache OpenOffice installers for Windows, the PC
	must have previously been infected by a Trojan Horse application
	(or user) running with administrative privilege. Any installer
	with the unquoted search path vulnerability becomes a delayed
	trigger for the exploit. The exploit may already have operated
	on the user's PC.
	</p>

	<p>
	<strong>Severity: Medium</strong>
	</p>

	<p>There are no known exploits of this vulnerabilty.<br />
	A proof-of-concept demonstration exists.
	</p>

	<p>
	<strong>Vendor: The Apache Software Foundation</strong>
	</p>

	<p>
	<strong>Versions Affected</strong>
	</p>

	<p>
	All Apache OpenOffice versions 4.1.2 and older are affected.<br />
	OpenOffice.org versions are also affected.
	</p>

	<p>
	<strong>Mitigation</strong>
	</p>

	<p>
	Install Apache OpenOffice 4.1.3 for the latest maintenance and
	cumulative security fixes. Use the Apache OpenOffice
	<a href="https://www.openoffice.org/download/">download page</a>.
	<br /><br />
	If instead of a typical installation you use a custom-installation
	option to change the location where Apache OpenOffice is installed,
	use a location that has no spaces in its full-path name.
	</p>

	<p>
	<strong>Defenses and Work-Arounds</strong>
	</p>

	<p>
	If you are unable to update to 4.1.3, there are other precautions
	that can be taken. These precausions are also recommended as protection against other software that may have the vulnerability.
	<br /><br />
	Ensure that there are no programs installed at the top-level folder
	(usually C:\) where Windows is installed. All are dangerous,
	especially ones named "Program", whether "Program.exe" or some
	other variation.
	<br /><br />
	If such programs are found, install or update to current
	anti-virus/-malware software. Perform a complete system scan.
	The scan may provide for removal of programs where there should
	not be any. If that does not happen, it is necessary to remove
	any Program.exe and others manually using administrator privilege.
	</p>

	<p>
	<strong>Further Information</strong>
	</p>

	<p>
	For additional information and assistance, consult the
	<a href="https://forum.openoffice.org/">Apache OpenOffice
	Community Forums</a>, or make requests to the
	<a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a>
	public mailing list. Defects not involving suspected security
	vulnerabilities can be reported with a normal issue via
	<a href="https://www.openoffice.org/qa/issue_handling/pre_submission.html">Bugzilla</a>.
	</p>

	<p>
	The latest information on Apache OpenOffice security bulletins can
	be found at the
	<a href="https://www.openoffice.org/security/bulletin.html">
	Bulletin Archive page</a>.
	</p>

	<p>
	<strong>Credits</strong>
	</p>

	<p>
	The Apache OpenOffice project acknowledges the reporting and
	analysis for CVE-2016-6803 by Cyril Vallicari.
	</p>

	<hr />

	<p>
	<a href="https://www.openoffice.org/security/">Security Home</a>
	-> <a href="https://www.openoffice.org/security/bulletin.html">
	Bulletin</a>
	-> <a href="https://www.openoffice.org/security/cves/CVE-2016-1513.html">
	CVE-2016-1513</a>
	</p>

	</body>
	</html>