CVE-2016-6804
published 2017-11-20CVE-2016-6804: The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | openoffice | < 4.1.3 | 4.1.3 |
| apache_software_foundation | apache_openoffice | — | — |
| apache_software_foundation | apache_openoffice | — | — |