CVE-2017-3157

CWE-200Information Exposure8 documents8 sources
Severity
5.5MEDIUM
EPSS
0.8%
top 26.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Apache OpenofficeApache Software Foundation Apache OpenofficeDebian Debian Linux+6 more
Timeline
PublishedNov 20
Latest updateMay 14

Description

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, a

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

CVEListV5apache_software_foundation/apache_openoffice4.0.0 to 4.1.3, and some previous releases, including some using our old OpenOffice.org brand
Debianlibreoffice< 1:5.2.3-1+3

Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 7.3, 7.4, 7.6, 7.5

🔴Vulnerability Details

3
GHSA
GHSA-c683-7wh2-j8m4: By exploiting the way Apache OpenOffice before 42022-05-14
OSV
CVE-2017-3157: By exploiting the way Apache OpenOffice before 42017-11-20
CVEList
CVE-2017-3157: By exploiting the way Apache OpenOffice before 42017-11-20

📋Vendor Advisories

3
Ubuntu
LibreOffice vulnerability2017-02-23
Red Hat
libreoffice: Arbitrary file disclosure in Calc and Writer2017-02-22
Debian
CVE-2017-3157: libreoffice - By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, a...2017

💬Community

1
Bugzilla
CVE-2017-3157 libreoffice: Arbitrary file disclosure in Calc and Writer2017-02-22
CVE-2017-3157 (MEDIUM CVSS 5.5) | By exploiting the way Apache OpenOf | cvebase.io