Thans Dave, for your letter. [email protected]
пт, 16 Апр 2021, 3:57 Dave Fisher <[email protected]>: > Severity: moderate > > Description: > > The project received a report that all versions of Apache OpenOffice > through 4.1.8 can open non-http(s) hyperlinks. The problem has existed > since about 2006 and the issue is also in 4.1.9. If the link is > specifically crafted this could lead to untrusted code execution. It is > always best practice to be careful opening documents from unknown and > unverified sources. The mitigation in Apache OpenOffice 4.1.10 (unreleased) > assures that a security warning is displayed giving the user the option of > continuing to open the hyperlink. > > Credit: > > Fabian Bräunlein and Lukas Euler of Positive Security
