A malicious document could lead to RCE in Apache OpenOffice (CVE-2021-33035)
2021-09-22 10:53

Apache OpenOffice, one of the most popular open-source office productivity software suites, has an RCE vulnerability that can be triggered via a specially crafted document.

CVE-2021-33035 was discovered by researcher Eugene Lim via fuzzing and source code review of Apache OpenOffice.

"While Scalabium dBase viewer was run by a single developer and could be resolved almost immediately, Apache OpenOffice took much longer," he noted.

The Apache OpenOffice project has, over the years, been slow to push out fixes for security issues because it has often found itself without development resources and release managers.

Last year The Document Foundation - the developers of LibreOffice - published an open letter asking the Apache OpenOffice project to "Endorse" LibreOffice and made users aware of it.

"If Apache OpenOffice still wants to maintain its old 4.1 branch from 2014, sure, that's important for legacy users. But the most responsible thing to do in 2020 is: help new users. Make them aware that there's a much more modern, up-to-date, professionally supported suite, based on OpenOffice, with many extra features that people need."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/z-ASOM9w9yo/

Related Vulnerability

DATE: 2021-09-23
CVE: CVE-2021-33035
VULNERABILITY TITLE: Classic Buffer Overflow vulnerability in Apache OpenOffice
Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets.
RISK: 7.8 (local, low complexity)
apache, CWE-120

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 281 13 549 713 367 1642