CVE-2014-3575

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_workstation
7.0
apacheopenoffice
𝑥
< 4.1.1
libreofficelibreoffice
𝑥
< 4.2.6
libreofficelibreoffice
4.3.0 ≤
𝑥
< 4.3.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libreoffice
utopic
Fixed 1:4.3.2-0ubuntu1
released
trusty
Fixed 1:4.2.6.3-0ubuntu1
released
precise
Fixed 1:3.5.7-0ubuntu7
released
lucid
dne
openoffice.org
utopic
dne
trusty
dne
precise
not-affected
lucid
ignored
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html
http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/
http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html
http://rhn.redhat.com/errata/RHSA-2015-0377.html
http://secunia.com/advisories/59600
http://secunia.com/advisories/59877
http://www.openoffice.org/security/cves/CVE-2014-3575.html
http://www.securityfocus.com/bid/69354
http://www.securitytracker.com/id/1030754
https://exchange.xforce.ibmcloud.com/vulnerabilities/95420
https://security.gentoo.org/glsa/201603-05
http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html
http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/
http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html
http://rhn.redhat.com/errata/RHSA-2015-0377.html
http://secunia.com/advisories/59600
http://secunia.com/advisories/59877
http://www.openoffice.org/security/cves/CVE-2014-3575.html
http://www.securityfocus.com/bid/69354
http://www.securitytracker.com/id/1030754
https://exchange.xforce.ibmcloud.com/vulnerabilities/95420
https://security.gentoo.org/glsa/201603-05