oss-security - Re: CVE-2012-5639: Apache OpenOffice: Loading internal / external resources without warning

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Wed, 3 Jan 2024 21:36:48 +0100
From: Timo Warns <timo.warns@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2012-5639: Apache OpenOffice: Loading internal
 / external resources without warning

For what it's worth: The original thread on this CVE is available at
https://www.openwall.com/lists/oss-security/2012/12/13/10

Regards, Timo

Am Mi., 3. Jan. 2024 um 12:02 Uhr schrieb Arrigo Marchiori <
ardovm@...che.org>:

> *** This announcement is a correction to the one sent on 28 December 2023.
> *** The "Affected versions" information was wrong.
>
> Severity: Moderate
>
> Affected versions:
>
> - Apache OpenOffice through 4.1.14
>
> Description:
>
> In Apache OpenOffice and LibreOffice embedded content will be opened
> automatically without that a warning is shown.
>
> Credit:
>
> The Apache OpenOffice Security Team would like to thank Timo Warns and
> Joachim Mammele for discovering and reporting this attack vector.
>
> References:
> https://openoffice.apache.org/
> https://www.cve.org/CVERecord?id=CVE-2012-5639
> --
> Arrigo
>

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.