(CVE-2022-47052) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version Solution Upgrade to Apache OpenOffice version 4.1.14 or later. In the affected versions of OpenOffice, approval for certain links is not requested when activated, such links could therefore result in arbitrary script execution. The execution of such links must be subject to user approval. Links can be activated by clicks, or by automatic document events. Several URI Schemes are defined for this purpose.
(CVE-2022-38745) - Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. This may lead to run arbitrary Java code from the current directory.
(CVE-2022-40674) - Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. The Apache OpenOffice project (AOO) provides a full featured office productivity suite based on open standards. It is, therefore, affected by multiple vulnerabilities: - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. Description The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.14. Synopsis The remote Windows host has an application installed that is affected by multiple vulnerabilities.
0 kommentar(er)
