{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-21T00:00:00", "descriptions": [{"lang": "en", "value": "The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2014-10732", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html"}, {"name": "69354", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/69354"}, {"name": "apache-openoffice-cve20143575-info-disc(95420)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95420"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openoffice.org/security/cves/CVE-2014-3575.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/"}, {"name": "RHSA-2015:0377", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0377.html"}, {"name": "59877", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59877"}, {"name": "20140821 CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html"}, {"name": "GLSA-201603-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201603-05"}, {"name": "59600", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59600"}, {"name": "1030754", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030754"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3575", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2014-10732", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html"}, {"name": "69354", "refsource": "BID", "url": "http://www.securityfocus.com/bid/69354"}, {"name": "apache-openoffice-cve20143575-info-disc(95420)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95420"}, {"name": "http://www.openoffice.org/security/cves/CVE-2014-3575.html", "refsource": "CONFIRM", "url": "http://www.openoffice.org/security/cves/CVE-2014-3575.html"}, {"name": "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/", "refsource": "CONFIRM", "url": "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/"}, {"name": "RHSA-2015:0377", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0377.html"}, {"name": "59877", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59877"}, {"name": "20140821 CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html"}, {"name": "GLSA-201603-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-05"}, {"name": "59600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59600"}, {"name": "1030754", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030754"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:50:17.671Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2014-10732", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html"}, {"name": "69354", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/69354"}, {"name": "apache-openoffice-cve20143575-info-disc(95420)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95420"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.openoffice.org/security/cves/CVE-2014-3575.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/"}, {"name": "RHSA-2015:0377", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0377.html"}, {"name": "59877", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59877"}, {"name": "20140821 CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html"}, {"name": "GLSA-201603-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201603-05"}, {"name": "59600", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59600"}, {"name": "1030754", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1030754"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3575", "datePublished": "2014-08-27T00:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:17.671Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "B33E0CB6-2B56-45AC-9268-8AD54AC99DC0", "versionEndExcluding": "4.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEF647EF-54CE-43BC-A5D2-5FA854BEFB46", "versionEndExcluding": "4.2.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "4341B2DF-D74B-4EF6-8975-35E18308797B", "versionEndExcluding": "4.3.1", "versionStartIncluding": "4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects."}, {"lang": "es", "value": "La generaci\u00f3n de previsualizaciones OLE en Apache OpenOffice anterior a 4.1.1 y OpenOffice.org (OOo) podr\u00eda permitir a atacantes remotos embeber datos arbitrarios en documentos a trav\u00e9s de objetos OLE manipulados."}], "id": "CVE-2014-3575", "lastModified": "2022-02-07T16:32:43.867", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-08-27T00:55:04.037", "references": [{"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0377.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/59600"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/59877"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.openoffice.org/security/cves/CVE-2014-3575.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/69354"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1030754"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95420"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201603-05"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:0377", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libabw-0:0.0.2-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0377", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libcmis-0:0.4.1-5.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0377", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libetonyek-0:0.0.4-2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0377", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libfreehand-0:0.0.0-3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0377", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "liblangtag-0:0.5.4-8.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0377", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libmwaw-0:0.2.0-4.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0377", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libodfgen-0:0.0.4-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0377", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libreoffice-1:4.2.6.3-5.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0377", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "mdds-0:0.10.3-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}], "bugzilla": {"description": "openoffice: Arbitrary file disclosure via crafted OLE objects", "id": "1138882", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1138882"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.", "A flaw was found in the OLE (Object Linking and Embedding) generation in LibreOffice. An attacker could use this flaw to embed malicious OLE code in a LibreOffice document, allowing for arbitrary code execution."], "mitigation": {"lang": "en:us", "value": "- Whenever possible, exercise caution when opening documents sent by unknown/untrusted parties.\n- If \"Update Links\" dialog is seen, when opening a document, do not send this document to others, since it may be possible that local files got attached to the document. (The exploit only works when the document is sent over to the attacker after opening it on your system using LibreOffice/OpenOffice)"}, "name": "CVE-2014-3575", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "openoffice.org", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2014-08-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3575\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3575"], "statement": "This issue affects the version of OpenOffice.org as shipped in Red Hat Enterprise Linux 5, and the version of LibreOffice as shipped in Red Hat Enterprise Linux 6.\nRed Hat Product Security has rated this issue as having Moderate security impact and is not planned to be addressed in any future updates.", "threat_severity": "Moderate", "upstream_fix": "openoffice.org 4.1.1"}