CVE-2014-3575
Naslov: CVE-2014-3575: Arbitrarno razkritje datotek z uporabo prilagojenih predmetov OLE
Objavljeno: 21. avgust 2014
Popravljeno v: LibreOffice 4.2.6-secfix/4.3.1
Opis:
The vulnerability allows an attacker to send a document which when opened will trigger the prompt to "Update Links" but if the user cancels that prompt may still generate and insert into the document an OLE2 preview image of a file on the victims filesystem, Data exposure is possible if the updated document is then distributed to other parties.
All users are recommended to upgrade to LibreOffice 4.2.6-secfix or 4.3.1.
Thanks to Malte Timmermann of Open-Xchange for discovering this flaw.
Sklici:
CVE-2014-3575
Sledite nam