Ben Hayak

**Name of the Vulnerable Software and Affected Versions** LibreOffice (affected versions not specified) Apache OpenOffice versions prior to 4.1.4 **Description** The issue is related to the improper handling of opened files, allowing an attacker to disclose protected information using a specially crafted file. Exploitation of this issue in Apache OpenOffice can enable an attacker to read files from the user's filesystem by crafting a document with embedded objects. The attacker could retrieve information by tricking the user into saving the document and sending it back. This is mitigated by the attacker needing to know the precise file path and tricking the user into saving and sending the document. **Recommendations** For Apache OpenOffice versions prior to 4.1.4, update to version 4.1.4 or later to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability in LibreOffice.