#VU972 Insecure DLL loading in OpenOffice - CVE-2016-6804
Published: October 13, 2016 / Updated: March 21, 2018
Vulnerability identifier: #VU972
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-6804
CWE-ID: CWE-427
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: OpenOffice
Software vendor: Apache Foundation
Description
The vulnerability allows a remote attacker to execute arbitrary code with elevated privileges on the target system.
The weakness is caused by improper search path operations in the affected software. By tricking the victim into saving and running a malicious file disguised as a DLL, an attacker can execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system, which may lead to complete system compromise.
Remediation
Update to version 4.1.3.
http://sourceforge.net/projects/openofficeorg.mirror/files/4.1.3/binaries/ru/Apache_OpenOffice_4.1.3...