El 21/08/2014 14:04, "Herbert Duerr" <h...@apache.org> escribió:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > CVE-2014-3575 > OpenOffice Targeted Data Exposure Using Crafted OLE Objects > > Severity: Important > Vendor: The Apache Software Foundation > > Versions Affected: > Apache OpenOffice 4.1.0 and older on Windows. > OpenOffice.org versions are also affected. > > Description: > The exposure exploits the way OLE previews are generated to embed > arbitrary file data into a specially crafted document when it is opened. > Data exposure is possible if the updated document is distributed to other > parties. > > Mitigation: > Apache OpenOffice users are advised to upgrade to Apache > OpenOffice 4.1.1. Users who are unable to upgrade immediately should be > cautious when they are asked to "Update Links" for untrusted documents. > > Credits: > The Apache OpenOffice security team credits Open-Xchange for > reporting this flaw. > > Herbert Dürr > Member of the Apache OpenOffice Security Team > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.13 (Cygwin) > > iQIcBAEBAgAGBQJT9e3wAAoJEDfnuKc+PLjJC8gP/2ZLgMRO9r2YyAbEWl6iA1gP > eVtq6I6O5W9a0ov1zGpbBaPVqZGMCGPDgsdTBUmm2FRAY0U0Yz0bflpGcSUdIpJ/ > ULMp6TLfgb24PpiySOQHRvz/6QDsTTgkEyKClkM3THzvNXh6mSCExaDsDv8fseaJ > y1tvTRHrHLeG+lZKPwDnIvDYDSONYNksK/e7gcF5rjNZpmcl6F4gZmMcm1j1TP1a > HbsgOzMpC+A0X26VfuDapYBT6mjeITS6+ZReAcD3sPul95UK/BQ6qU29dvDY7uYg > 7U9vzr2155uyv9qUx0UqE2XRKIHfUEhhxHZqFtTVlllkv34E1PNNYdhzUUYDuo4w > W4+GhrebUaArIeQNd1KLCgvnQ0O6ykegV/Rc+OIgG/8DOyC18SS3r11nLs0L0pDe > WmBfOii2OaS/d0RrOdHFsNpscSL1dRaGOXLDD5lxm2VPp6D3TgCM9UgNnBzF4u3S > 4lKid1JlxswFbOOT0hNrX7V/kwx9Z2DfDzw8EmjLZGmiH1W3u99EZxmIlKZQRwrg > 3enbMuSADsrWSjnxxmwlJD6iT0AaBEJ30doxqnfftIbNt4+r45fSPRPWYriQZ00j > 7a+CrKLfBS9ctuXChldWGtgbh4Pkq3RxsVhAw7aiIQdII53v8086A/jzVU0zYNN8 > AUxJRYsI1SGTlytbeP0o > =2Y3B > -----END PGP SIGNATURE----- >