CVE-2014-3524

Naslov: CVE-2014-3524: Injekcija ukaza CSV in formule DDE

Objavljeno: 21. avgusta 2014

Odpravljeno v: LibreOffice 4.2.6-secfix/4.3.1

Opis:

The vulnerability allows command injection when loading Calc spreadsheets under Windows. Specially crafted documents can be used for command-injection attacks. Other operating systems are not affected.

Windows users are recommended to upgrade their LibreOffice to 4.2.6-secfix or 4.3.1

Thanks to Rohan Durve and James Kettle of Context Information Security for discovering this flaw.

Sklici:

    CVE-2014-3524