Scripting Events Vulnerability in Apache OpenOffice
CVE-2020-13958

7.8HIGH

Key Information:

Vendor: Apache
Status: Apache Openoffice
Vendor: CVE Published:; 17 November 2020

Summary

A vulnerability in Apache OpenOffice permits an attacker to create documents that include hyperlinks directing to executable files on the user's file system. These malicious hyperlinks can be activated without any user consent, such as in case of a simple click. However, fixed versions of the software have mitigated this risk by preventing internal protocols from being called through document event handlers and requiring control-click actions for other hyperlinks.

Affected Version(s)

Apache OpenOffice Apache OpenOffice 4.0 to 4.1.7

References

https://lists.apache.org/thread.html/r6b2f48cf6c4aad4ebd1...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 17, 2020
Vulnerability Reserved
Jun 8, 2020