CVE-2014-3575 - OpenCVE

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Openoffice
Libreoffice	Libreoffice
Redhat	Enterprise Linux Desktop Enterprise Linux Workstation Enterprise Linux Server

Configuration 1 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 2 [-]

cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:a:libreoffice:libreoffice::::::::
	cpe:2.3:a:libreoffice:libreoffice::::::::

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html	Broken Link
http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/	Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0377.html	Third Party Advisory
http://secunia.com/advisories/59600	Broken Link
http://secunia.com/advisories/59877	Broken Link
http://www.openoffice.org/security/cves/CVE-2014-3575.html	Vendor Advisory
http://www.securityfocus.com/bid/69354	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030754	Broken Link Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/95420	Third Party Advisory VDB Entry
https://security.gentoo.org/glsa/201603-05	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2014-08-27T00:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2014-05-14T00:00:00

Link: CVE-2014-3575

JSON object: View

NVD Information

Status : Analyzed

Published: 2014-08-27T00:55:04.037

Modified: 2022-02-07T16:32:43.867

Link: CVE-2014-3575

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-21T00:00:00", "descriptions": [{"lang": "en", "value": "The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2014-10732", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html"}, {"name": "69354", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/69354"}, {"name": "apache-openoffice-cve20143575-info-disc(95420)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95420"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openoffice.org/security/cves/CVE-2014-3575.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/"}, {"name": "RHSA-2015:0377", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0377.html"}, {"name": "59877", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59877"}, {"name": "20140821 CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html"}, {"name": "GLSA-201603-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201603-05"}, {"name": "59600", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59600"}, {"name": "1030754", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030754"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3575", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2014-10732", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html"}, {"name": "69354", "refsource": "BID", "url": "http://www.securityfocus.com/bid/69354"}, {"name": "apache-openoffice-cve20143575-info-disc(95420)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95420"}, {"name": "http://www.openoffice.org/security/cves/CVE-2014-3575.html", "refsource": "CONFIRM", "url": "http://www.openoffice.org/security/cves/CVE-2014-3575.html"}, {"name": "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/", "refsource": "CONFIRM", "url": "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/"}, {"name": "RHSA-2015:0377", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0377.html"}, {"name": "59877", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59877"}, {"name": "20140821 CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html"}, {"name": "GLSA-201603-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-05"}, {"name": "59600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59600"}, {"name": "1030754", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030754"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3575", "datePublished": "2014-08-27T00:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "B33E0CB6-2B56-45AC-9268-8AD54AC99DC0", "versionEndExcluding": "4.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEF647EF-54CE-43BC-A5D2-5FA854BEFB46", "versionEndExcluding": "4.2.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "4341B2DF-D74B-4EF6-8975-35E18308797B", "versionEndExcluding": "4.3.1", "versionStartIncluding": "4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects."}, {"lang": "es", "value": "La generaci\u00f3n de previsualizaciones OLE en Apache OpenOffice anterior a 4.1.1 y OpenOffice.org (OOo) podr\u00eda permitir a atacantes remotos embeber datos arbitrarios en documentos a trav\u00e9s de objetos OLE manipulados."}], "id": "CVE-2014-3575", "lastModified": "2022-02-07T16:32:43.867", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-08-27T00:55:04.037", "references": [{"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0377.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/59600"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/59877"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.openoffice.org/security/cves/CVE-2014-3575.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/69354"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1030754"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95420"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201603-05"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}