PT-2022-6496 · Apache · Apache Openoffice+1

Altin Thartori

Published

2022-12-15

Updated

2024-01-08

CVE-2022-47502

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache OpenOffice (affected versions not specified)

Description The issue is related to the execution of links in Apache OpenOffice documents that can call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. These links can be activated by clicks or by automatic document events. The execution of such links must be subject to user approval. However, in the affected versions of OpenOffice, approval for certain links is not requested, which could result in arbitrary script execution. This is due to insufficient input validation when processing arguments.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Argument Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-88CWE-20

Related Identifiers

BDU:2023-01772

CVE-2022-47502

Affected Products

Apache Openoffice

Openoffice

PT-2022-6496 · Apache · Apache Openoffice+1

CVE-2022-47502

Weakness Enumeration

Related Identifiers

Affected Products

References · 16