Vulnerability Description
An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Openoffice | <= 4.1.2 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/94418Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037015Third Party AdvisoryVDB Entry
- https://www.openoffice.org/security/cves/CVE-2016-6803.htmlIssue TrackingVendor Advisory
- http://www.securityfocus.com/bid/94418Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037015Third Party AdvisoryVDB Entry
- https://www.openoffice.org/security/cves/CVE-2016-6803.htmlIssue TrackingVendor Advisory
FAQ
What is CVE-2016-6803?
CVE-2016-6803 is a vulnerability with a CVSS score of 7.8 (HIGH). An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan H...
How severe is CVE-2016-6803?
CVE-2016-6803 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-6803?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Openoffice, Microsoft Windows.