CVE-2016-6804

Name of the Vulnerable Software and Affected Versions Apache OpenOffice versions prior to 4.1.3

Description The Apache OpenOffice installer for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon.

Recommendations For versions prior to 4.1.3, update to version 4.1.3 or later to resolve the issue. As a temporary workaround, consider restricting the execution of the installer in untrusted locations to minimize the risk of exploitation.