CVE-2014-3575 : The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to em

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.

Published 2014-08-27 00:55:04

Updated 2022-02-07 16:32:44

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2014-3575

Probability of exploitation activity in the next 30 days: 0.21%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 59 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-3575

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2014-3575

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-3575

https://security.gentoo.org/glsa/201603-05

LibreOffice, OpenOffice: Multiple vulnerabilities (GLSA 201603-05) — Gentoo security
Third Party Advisory

CVEs referencing this url
http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/

LibreOffice 4.3.1 "Fresh" announced - The Document Foundation Blog
Vendor Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-0377.html

RHSA-2015:0377 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html

Broken Link
http://www.openoffice.org/security/cves/CVE-2014-3575.html

CVE-2014-3575
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html

[SECURITY] Fedora 20 Update: libreoffice-4.2.6.3-3.fc20
Mailing List;Third Party Advisory
http://www.securitytracker.com/id/1030754

Apache OpenOffice OLE Object Preview Flaw May Let Remote Users Obtain Potentially Sensitive Information - SecurityTracker
Broken Link;Third Party Advisory;VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/95420

Apache OpenOffice.org OLE information disclosure CVE-2014-3575 Vulnerability Report
Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/69354

OpenOffice CVE-2014-3575 Information Disclosure Vulnerability
Broken Link;Third Party Advisory;VDB Entry

Products affected by CVE-2014-3575

Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Apache » Openoffice
Versions before (<) 4.1.1
cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*
Matching versions
Libreoffice » Libreoffice
Versions from including (>=) 4.3.0 and before (<) 4.3.1
cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*
Matching versions
Libreoffice » Libreoffice
Versions before (<) 4.2.6
cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-3575

Exploit prediction scoring system (EPSS) score for CVE-2014-3575

CVSS scores for CVE-2014-3575

CWE ids for CVE-2014-3575

References for CVE-2014-3575

Products affected by CVE-2014-3575