PT-2017-9019 · Apache · Apache Openoffice+1

Published

2017-11-20

Updated

2019-11-20

CVE-2016-6804

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apache OpenOffice versions prior to 4.1.3

Description The Apache OpenOffice installer for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon.

Recommendations For versions prior to 4.1.3, update to version 4.1.3 or later to resolve the issue. As a temporary workaround, consider restricting the execution of the installer in untrusted locations to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2016-6804

Affected Products

Apache Openoffice

Openoffice

PT-2017-9019 · Apache · Apache Openoffice+1

CVE-2016-6804

Weakness Enumeration

Related Identifiers

Affected Products

References · 5