content/security/cves/CVE-2012-5639.md

type=cve cve=CVE-2012-5639 cvedesc=Loading internal / external resource without warning. cvefixed=4.1.15 tags=weekly links, java status=published


**Description**

In Apache OpenOffice and LibreOffice embedded content will be opened automatically without that a warning is shown.

**Severity: Moderate**

There are no known exploits of this vulnerability.  
A proof-of-concept demonstration exists.

Thanks to the reporter for discovering this issue.

**Vendor: The Apache Software Foundation**

**Versions Affected**

All Apache OpenOffice versions 4.1.14 and older are affected.  
OpenOffice.org versions may also be affected.

**Mitigation**

Install Apache OpenOffice 4.1.15 for the latest maintenance and cumulative security fixes. Use the Apache OpenOffice [download page](https://www.openoffice.org/download/).

**Acknowledgements**

The Apache OpenOffice Security Team would like to thank Timo Warns and Joachim Mammele for discovering and reporting this issue.

**Further Information**

For additional information and assistance, consult the [Apache OpenOffice Community Forums](https://forum.openoffice.org/) or make requests to the users@openoffice.apache.org public mailing list.

The latest information on Apache OpenOffice security bulletins can be found at the [Bulletin Archive](https://www.openoffice.org/security/bulletin.html) page.