CVE-2014-3524 — HIGH (9.3) — White Hats Nepal

Q: What is CVE-2014-3524?

CVE-2014-3524 is a vulnerability with a CVSS score of 9.3 (HIGH). Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.

Q: How severe is CVE-2014-3524?

CVE-2014-3524 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-3524?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Openoffice, Libreoffice Libreoffice.

Vulnerability Description

Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Apache	Openoffice	< 4.1.1
Libreoffice	Libreoffice	< 4.2.6

Related Weaknesses (CWE)

CWE-77

References

http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/Vendor Advisory
http://secunia.com/advisories/59600Broken Link
http://secunia.com/advisories/59877Broken Link
http://secunia.com/advisories/60235Broken Link
http://www.openoffice.org/security/cves/CVE-2014-3524.htmlVendor Advisory
http://www.securityfocus.com/archive/1/533200/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/69351Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1030755Broken LinkThird Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/95421Third Party AdvisoryVDB Entry
https://security.gentoo.org/glsa/201603-05Third Party Advisory
http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/Vendor Advisory
http://secunia.com/advisories/59600Broken Link
http://secunia.com/advisories/59877Broken Link
http://secunia.com/advisories/60235Broken Link
http://www.openoffice.org/security/cves/CVE-2014-3524.htmlVendor Advisory

FAQ

What is CVE-2014-3524?

CVE-2014-3524 is a vulnerability with a CVSS score of 9.3 (HIGH). Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.

How severe is CVE-2014-3524?

CVE-2014-3524 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3524?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Openoffice, Libreoffice Libreoffice.