| <!DOCTYPE html> |
| <html> |
| <head> |
| <title>CVE-2016-6804</title> |
| <style type="text/css"></style> |
| </head> |
| |
| <body> |
| <!-- These were previously defined as XHTML pages. The current wrapping |
| for the site introduces HTML5 headers and formats. This version is |
| modified to match the wrapping that is done as part of publishing |
| this page and not rely on any particular styling beyond <p>. |
| --> |
| |
| <p> |
| <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6804"> |
| CVE-2016-6804</a> |
| </p> |
| |
| <p> |
| <a href="https://www.openoffice.org/security/cves/CVE-2016-6804.html"> |
| Apache OpenOffice Advisory</a> |
| </p> |
| |
| <p> |
| <strong>Windows Installer Execution of Arbitrary Code with |
| Elevated Privileges |
| </strong> |
| </p> |
| |
| <p> |
| <strong>Version 1.0</strong> |
| </p> |
| |
| <p> |
| Announced October 11, 2016 |
| </p> |
| |
| <p> |
| <strong>Description</strong> |
| </p> |
| |
| <p> |
| The Apache OpenOffice installer for Winodws contained a defective |
| operation that allows execution of arbitrary code with elevated |
| privileges. |
| </p> |
| <p>The location in which the installer is run may have been |
| previously poisoned by a file that impersonates a dynamic-link |
| library that the installer depends upon. The counterfeit is |
| operated instead because of a search path defect in the |
| installer. The counterfeit will be operated under the |
| administrative privileges of the OpenOffice installer, |
| compromising the users's PC. |
| </p> |
| |
| <p> |
| <strong>Severity: Medium</strong> |
| </p> |
| |
| <p>There are no known exploits of this vulnerabilty.<br /> |
| A proof-of-concept demonstration exists. |
| </p> |
| |
| <p> |
| <strong>Vendor: The Apache Software Foundation</strong> |
| </p> |
| |
| <p> |
| <strong>Versions Affected</strong> |
| </p> |
| |
| <p> |
| All Apache OpenOffice versions 4.1.2 and older are affected.<br /> |
| OpenOffice.org versions are also affected. |
| </p> |
| |
| <p> |
| <strong>Mitigation</strong> |
| </p> |
| |
| <p> |
| Install Apache OpenOffice 4.1.3 for the latest maintenance and |
| cumulative security fixes. Use the Apache OpenOffice |
| <a href="https://www.openoffice.org/download/">download page</a>. |
| </p> |
| |
| <p> |
| <strong>Defenses and Work-Arounds</strong> |
| </p> |
| |
| <p> |
| If you are unable to update to 4.1.3, there are other precautions |
| that can be taken. These precausions are also recommended as protection against other software that may have the vulnerability. |
| <br /><br /> |
| When executing .exe installers, ensure that the installer is in a file folder that has no other files but the installer .exe file. |
| <br /><br /> |
| If an installer proposes a folder to extract the setup files |
| into before the actual install, choose the name of a folder that is not in use. Delete such a folder of setup files after the installation completes successfully. To reinstall without |
| downloading again, preserve the installer .exe on private |
| removable storage. |
| </p> |
| |
| <p> |
| <strong>Further Information</strong> |
| </p> |
| |
| <p> |
| For additional information and assistance, consult the |
| <a href="https://forum.openoffice.org/">Apache OpenOffice |
| Community Forums</a>, or make requests to the |
| <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a> |
| public mailing list. Defects not involving suspected security |
| vulnerabilities can be reported with a normal issue via |
| <a href="https://www.openoffice.org/qa/issue_handling/pre_submission.html">Bugzilla</a>. |
| </p> |
| |
| <p> |
| The latest information on Apache OpenOffice security bulletins can |
| be found at the |
| <a href="https://www.openoffice.org/security/bulletin.html"> |
| Bulletin Archive page</a>. |
| </p> |
| |
| <p> |
| <strong>Credits</strong> |
| </p> |
| |
| <p> |
| The Apache OpenOffice project acknowledges the reporting and |
| analysis for CVE-2016-6804 by Stefan Kanthak and by Himanshu |
| Mehta. |
| </p> |
| |
| <hr /> |
| |
| <p> |
| <a href="https://www.openoffice.org/security/">Security Home</a> |
| -> <a href="https://www.openoffice.org/security/bulletin.html"> |
| Bulletin</a> |
| -> <a href="https://www.openoffice.org/security/cves/CVE-2016-1513.html"> |
| CVE-2016-1513</a> |
| </p> |
| |
| </body> |
| </html> |