Re: [CVE-2020-13958] Apache OpenOffice - Unrestricted actions leads to arbitrary code execution in crafted documents

[Imre Rad <radimre83 () gmail com>]

Proof of concept and more technical details can be found here:
https://github.com/irsl/apache-openoffice-rce-via-uno-links

Imre

Dave Fisher <wave () apache org> ezt írta (időpont: 2020. nov. 11., Sze, 7:38):
> CVE-2020-13958 Unrestricted actions leads to arbitrary code execution in crafted documents
>
> Fixed in Apache OpenOffice 4.1.8
>
> Description
>
> A vulnerability in Apache OpenOffice scripting events allows an attacker to construct
> documents containing hyperlinks pointing to an executable on the target users file system.
> These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol
> may be called from the document event handler and other hyperlinks require a control-click.
>
> Severity: Low
>
> There are no known exploits of this vulnerability.
> A proof-of-concept demonstration exists.
>
> Vendor: The Apache Software Foundation
>
> Versions Affected
>
> Apache OpenOffice 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, and 4.1.7
> OpenOffice.org versions may also be affected.
>
> Mitigation
>
> Install Apache OpenOffice 4.1.8 for the latest maintenance and cumulative security fixes.
> Use the Apache OpenOffice download page (https://www.openoffice.org/download/).
>
> Acknowledgments
>
> The Apache OpenOffice Security Team would like to thank Imre Rad for discovering and
> reporting this attack vector.
>
> Further Information
>
> For additional information and assistance, consult the Apache OpenOffice Community Forums
> (https://forum.openoffice.org) or make requests to the users () openoffice apache org
> (mailto:users () openoffice apache org) public mailing list.
>
> The latest information on Apache OpenOffice security bulletins can be found at the
> Bulletin Archive page (https://www.openoffice.org/security/bulletin.html).
> >