CVE-2014-3575.html

hdu Thu, 21 Aug 2014 06:28:59 -0700

Author: hdu
Date: Thu Aug 21 13:27:40 2014
New Revision: 1619391

URL: http://svn.apache.org/r1619391
Log:
add CVE-2014-3575


Added:
    openoffice/ooo-site/trunk/content/security/cves/CVE-2014-3575.html   (with 
props)

Added: openoffice/ooo-site/trunk/content/security/cves/CVE-2014-3575.html
URL: 
http://svn.apache.org/viewvc/openoffice/ooo-site/trunk/content/security/cves/CVE-2014-3575.html?rev=1619391&view=auto
==============================================================================
--- openoffice/ooo-site/trunk/content/security/cves/CVE-2014-3575.html (added)
+++ openoffice/ooo-site/trunk/content/security/cves/CVE-2014-3575.html Thu Aug 
21 13:27:40 2014
@@ -0,0 +1,41 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
+<html xmlns="http://www.w3.org/1999/xhtml";>
+<head profile="http://www.w3.org/2005/10/profile";>
+       <title>CVE-2014-3575</title>
+       <style type="text/css"></style>
+</head>
+
+<body>
+       <h2><a 
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3575";>CVE-2014-3575</a></h2>
+
+       <h3>OpenOffice Targeted Data Exposure Using Crafted OLE Objects</h3>
+
+       <ul>   
+       <h4>Severity: Important</h4>
+       <h4>Vendor: The Apache Software Foundation</h4>
+       <h4>Versions Affected:</h4>
+               <ul>
+               <li>Apache OpenOffice 4.1.0 and older on Windows.</li>
+               <li>OpenOffice.org versions are also affected.</li>
+       </ul>
+
+       <h4>Description:</h4>
+       <p>The exposure exploits the way OLE previews are generated to embed 
arbitrary
+       file data into a specially crafted document when it is opened. Data 
exposure is
+       possible if the updated document is distributed to other parties.
+
+       <h4>Mitigation</h4>
+       <p>Apache OpenOffice users are advised to <a 
href="http://download.openoffice.org";>upgrade to Apache OpenOffice 4.1.1</a>.
+       Users who are unable to upgrade immediately should be cautious when 
they are asked to "Update Links" for untrusted documents.
+
+       <h4>Credits</h4>
+       <p>The Apache OpenOffice security team credits Open-Xchange for 
reporting this flaw.</p>
+
+       <hr />
+
+       <p><a href="http://security.openoffice.org";>Security Home</a>
+       -&gt; <a 
href="http://security.openoffice.org/bulletin.html";>Bulletin</a>
+       -&gt; <a 
href="http://security.openoffice.org/security/cves/CVE-2014-3575.html";>CVE-2014-3575</a></p>
+</body>
+</html>
+

Propchange: openoffice/ooo-site/trunk/content/security/cves/CVE-2014-3575.html
------------------------------------------------------------------------------
    svn:eol-style = native

svn commit: r1619391 - /openoffice/ooo-site/trunk/content/security/cves/CVE-2014-3575.html

Reply via email to