svn commit: r1619390 - /openoffice/ooo-site/trunk/content/security/cves/CVE-2014-3524.html

Thu, 21 Aug 2014 06:27:51 -0700 

Author: hdu
Date: Thu Aug 21 13:26:54 2014
New Revision: 1619390

URL: http://svn.apache.org/r1619390
Log:
add CVE-2014-3524

Added:
    openoffice/ooo-site/trunk/content/security/cves/CVE-2014-3524.html   (with 
props)

Added: openoffice/ooo-site/trunk/content/security/cves/CVE-2014-3524.html
URL: 
http://svn.apache.org/viewvc/openoffice/ooo-site/trunk/content/security/cves/CVE-2014-3524.html?rev=1619390&view=auto
==============================================================================
--- openoffice/ooo-site/trunk/content/security/cves/CVE-2014-3524.html (added)
+++ openoffice/ooo-site/trunk/content/security/cves/CVE-2014-3524.html Thu Aug 
21 13:26:54 2014
@@ -0,0 +1,41 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
+<html xmlns="http://www.w3.org/1999/xhtml";>
+<head profile="http://www.w3.org/2005/10/profile";>
+       <title>CVE-2014-3524</title>
+       <style type="text/css"></style>
+</head>
+
+<body>
+       <h2><a 
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3524";>CVE-2014-3524</a></h2>
+
+       <h3>OpenOffice Calc Command Injection Vulnerability</h3>
+
+       <ul>   
+       <h4>Severity: Important</h4>
+       <h4>Vendor: The Apache Software Foundation</h4>
+       <h4>Versions Affected:</h4>
+               <ul>
+               <li>Apache OpenOffice 4.1.0 and older on Windows.</li>
+               <li>OpenOffice.org versions are also affected.</li>
+       </ul>
+
+       <h4>Description:</h4>
+       <p>The vulnerability allows command injection when loading Calc 
spreadsheets.
+       Specially crafted documents can be used for command-injection attacks.
+       Further exploits are possible but have not been verified.
+
+       <h4>Mitigation</h4>
+       <p>Apache OpenOffice users are advised to <a 
href="http://download.openoffice.org";>upgrade to Apache OpenOffice 4.1.1</a>.
+       Users who are unable to upgrade immediately should be cautious when 
opening untrusted documents.
+
+       <h4>Credits</h4>
+       <p>The Apache OpenOffice security team credits Rohan Durve and James 
Kettle of Context Information Security as the discoverer of this flaw.</p>
+
+       <hr />
+
+       <p><a href="http://security.openoffice.org";>Security Home</a>
+       -&gt; <a 
href="http://security.openoffice.org/bulletin.html";>Bulletin</a>
+       -&gt; <a 
href="http://security.openoffice.org/security/cves/CVE-2014-3524.html";>CVE-2014-3524</a></p>
+</body>
+</html>
+

Propchange: openoffice/ooo-site/trunk/content/security/cves/CVE-2014-3524.html
------------------------------------------------------------------------------
    svn:eol-style = native

Reply via email to