CVE-2014-0247 — Product UI does not Warn User of Unsafe Actions in Libreoffice

CWE-356 — Product UI does not Warn User of Unsafe Actions8 documents7 sources

Severity

10.0CRITICALNVD

EPSS

6.6%

top 8.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libreoffice Debian Libreoffice Canonical Ubuntu Linux +5 more

Timeline

PublishedJul 3

Latest updateMay 14

Description

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages7 packages

▶debiandebian/libreoffice< libreoffice 1:4.2.5-1 (bookworm)

▶Debianlibreoffice/libreoffice< 1:4.2.5-1+3

▶NVDlibreoffice/libreoffice4.2.4

▶NVDopensuse/opensuse13.1

▶NVDredhat/enterprise_linux_server7.0

Also affects: Fedora 19, Ubuntu Linux 14.04

🔴Vulnerability Details

GHSA

GHSA-42hf-67vj-j9w8: LibreOffice 4↗2022-05-14

▶

OSV

CVE-2014-0247: LibreOffice 4↗2014-07-03

▶

📋Vendor Advisories

Red Hat

libreoffice: VBA macros executed unconditionally↗2014-06-23

▶

Ubuntu

LibreOffice vulnerability↗2014-06-23

▶

Debian

CVE-2014-0247: libreoffice - LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspe...↗2014

▶

💬Community

Bugzilla

CVE-2014-0247 libreoffice: VBA macros executed unconditionally [fedora-all]↗2014-06-24

▶

Bugzilla

CVE-2014-0247 libreoffice: VBA macros executed unconditionally↗2014-06-19

▶