PT-2023-8178 · Apache · Apache OpenOffice

Amel Bouziane-Leblond +1 · Published 2023-12-28 · Updated 2024-01-11 · CVE-2023-47804

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache OpenOffice versions prior to the fixed version

Description

The issue is related to insufficient input validation when processing arguments, allowing a remote attacker to execute arbitrary code. Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments using several URI Schemes. These links can be activated by clicks or automatic document events and should require user approval. However, in the affected versions, certain links do not request approval, potentially resulting in arbitrary script execution.

Recommendations

For Apache OpenOffice versions prior to the fixed version, consider disabling the execution of internal macros with arbitrary arguments until a patch is available. Restrict access to documents that may contain such links to minimize the risk of exploitation. As a temporary workaround, require user approval for all links that call internal macros. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
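
To support the recommendation to restrict documents carrying such links, the following added example (not code from this advisory or from Apache OpenOffice) lists links inside an ODF file that use macro or internal-command URI schemes and marks whether a document event or a click triggers each one. The scheme list, the function names and the sample document are assumptions constructed here; the advisory does not name the affected schemes.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Assumption: schemes that reach macros or internal commands; the advisory names none.
SUSPECT_SCHEMES = ("vnd.sun.star.script:", "macro:", ".uno:", "slot:")
XML_PARTS = {"content.xml", "styles.xml"}
MAX_PART_BYTES = 50 * 1024 * 1024  # refuse oversized (zip-bomb) members

def find_macro_links(odf_bytes):
    """Return (part, element, trigger, href) for every macro-style link."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as zf:
        for part in sorted(XML_PARTS & set(zf.namelist())):
            if zf.getinfo(part).file_size > MAX_PART_BYTES:
                raise ValueError(f"{part}: too large to inspect")
            data = zf.read(part)
            if b"<!DOCTYPE" in data:  # ODF parts need no DTD; refuse entity tricks
                raise ValueError(f"{part}: unexpected DOCTYPE")
            for elem in ET.fromstring(data).iter():
                href = elem.get(XLINK_HREF, "").strip()
                if not href.lower().startswith(SUSPECT_SCHEMES):
                    continue
                local = elem.tag.rsplit("}", 1)[-1]
                # Listeners run on document events (e.g. load); links need a click.
                trigger = "event" if local == "event-listener" else "click"
                findings.append((part, local, trigger, href))
    return findings

def build_sample():
    """Constructed ODF-like archive: on-load listener, click link, benign link."""
    ns = ('xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0" '
          'xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0" '
          'xmlns:script="urn:oasis:names:tc:opendocument:xmlns:script:1.0" '
          'xmlns:xlink="http://www.w3.org/1999/xlink"')
    content = (f'<office:document-content {ns}><office:scripts><office:event-listeners>'
               '<script:event-listener script:event-name="dom:load" xlink:href='
               '"vnd.sun.star.script:Standard.Module1.Main?language=Basic&amp;location=document"/>'
               '</office:event-listeners></office:scripts><office:body><office:text><text:p>'
               '<text:a xlink:href="macro:///Standard.Module1.Main()">report</text:a>'
               '<text:a xlink:href="https://example.org/">site</text:a>'
               '</text:p></office:text></office:body></office:document-content>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", content)
    return buf.getvalue()

if __name__ == "__main__":
    print(*find_macro_links(build_sample()), sep="\n")
```

Findings marked `event` deserve attention first, since they need no click; a hit only shows that the document references a macro or command, not that it is malicious.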

RCE

Argument Injection


Weakness Enumeration

Related Identifiers

BDU:2024-00163
CVE-2023-47804

Affected Products

Apache OpenOffice