CVE-2017-3157

Priority
Medium
Description
By exploiting the way Apache OpenOffice before 4.1.4 renders embedded
objects, an attacker could craft a document that allows reading in a file
from the user's filesystem. Information could be retrieved by the attacker
by, e.g., using hidden sections to store the information, tricking the user
into saving the document and convincing the user to send the document back
to the attacker. The vulnerability is mitigated by the need for the
attacker to know the precise file path in the target system, and the need
to trick the user into saving the document and sending it back.
References
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):released (1:4.2.8-0ubuntu5)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:5.1.6~rc2-0ubuntu1~xenial1)
Ubuntu 17.04 (Zesty Zapus):not-affected (1:5.3.0~rc3-0ubuntu2)
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
More Information

Updated: 2017-11-22 17:14:44 UTC (commit 13756)