CVE-2014-3524

OpenOffice Calc Command Injection Vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

• Apache OpenOffice 4.1.0 and older on Windows.
• OpenOffice.org versions are also affected.

Description:

The vulnerability allows command injection when loading Calc spreadsheets. Specially crafted documents can be used for command-injection attacks. Further exploits are possible but have not been verified.

Mitigation

Apache OpenOffice users are advised to upgrade to Apache OpenOffice 4.1.1. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.

Credits

The Apache OpenOffice security team credits Rohan Durve and James Kettle of Context Information Security as the discoverer of this flaw.

---

Security Home -> Bulletin -> CVE-2014-3524