Unquoted Windows Search Path Vulnerability in Apache OpenOffice Installers
CVE-2016-6803

7.8HIGH

Key Information:

Vendor
Apache
Status
Apache Openoffice
Vendor
CVE Published:
13 November 2017

Summary

An installer defect known as an 'unquoted Windows search path vulnerability' was discovered in Apache OpenOffice versions before 4.1.3. This vulnerability allows an attacker to exploit any installer that has unquoted paths, provided that the user’s system has been previously compromised by a Trojan Horse application with administrative privileges. This flaw can act as a delayed trigger for further exploits, potentially putting systems at risk of unauthorized access and manipulation.

Affected Version(s)

Apache OpenOffice 4.0.0 to 4.1.2

Apache OpenOffice Older versions, including some using the previous OpenOffice.org brand, are also affected.

References

http://www.securityfocus.com/bid/94418
vdb-entryx_refsource_BID
https://www.openoffice.org/security/cves/CVE-2016-6803.html
x_refsource_CONFIRM
http://www.securitytracker.com/id/1037015
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.