Federico Scrinzi

**Name of the Vulnerable Software and Affected Versions** LibreOffice versions prior to 4.4.5 Apache OpenOffice versions prior to 4.1.2 **Description** The issue allows remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into Calc or Writer. This is due to the use of stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links. **Recommendations** For LibreOffice versions prior to 4.4.5, update to version 4.4.5 or later. For Apache OpenOffice versions prior to 4.1.2, update to version 4.1.2 or later. As a temporary workaround, consider restricting the use of the LinkUpdateMode configuration to minimize the risk of exploitation.