The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/93774 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1037016 | Third Party Advisory VDB Entry |
https://www.openoffice.org/security/cves/CVE-2016-6804.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2017-11-18T00:00:00
Updated: 2017-11-21T10:57:01
Reserved: 2016-08-12T00:00:00
Link: CVE-2016-6804
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-11-20T15:29:00.200
Modified: 2019-11-20T21:00:41.017
Link: CVE-2016-6804
JSON object: View
Redhat Information
No data.
CWE