CVE-2014-3524

Severity

93%

Complexity

86%

Confidentiality

165%

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 10 years ago

2014-08-26 14:55:00

Last updated 6 years ago

2018-10-09 19:44:00

Affected Software

Apache Software Foundation OpenOffice 4.0.0

4.0.0

Apache Software Foundation OpenOffice 4.0.1

4.0.1

Apache Software Foundation OpenOffice

References

http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/

59600

59877

60235

http://www.openoffice.org/security/cves/CVE-2014-3524.html

20140821 CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability

69351

1030755

apache-openoffice-cve20143524-command-exec(95421)

GLSA-201603-05

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.