Impress file processing flaw in OpenOffice - CVE-2016-1513
Published: July 29, 2016
Vulnerability identifier: #VU231
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
CVE-ID: CVE-2016-1513
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apache Foundation
Affected software:
OpenOffice
OpenOffice
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an access control error in Apache OpenOffice. A remote attacker can trigger a memory corruption error and execute arbitrary code on the target system.by creating a specially crafted OpenDocument Presentation (.ODP) or Presentation Template (.OTP) file.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
The vulnerability exists due to an access control error in Apache OpenOffice. A remote attacker can trigger a memory corruption error and execute arbitrary code on the target system.by creating a specially crafted OpenDocument Presentation (.ODP) or Presentation Template (.OTP) file.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2016-1513
Patch for this vulnerability has been developed and is available for developers at.
https://bz.apache.org/ooo/show_bug.cgi?id=127045
https://bz.apache.org/ooo/show_bug.cgi?id=127045