Vulnerabilities > CVE-2022-47502 - Unspecified vulnerability in Apache Openoffice
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution.
Vulnerable Configurations
References
- http://www.openwall.com/lists/oss-security/2023/12/28/3
- http://www.openwall.com/lists/oss-security/2023/12/28/3
- http://www.openwall.com/lists/oss-security/2024/01/03/3
- http://www.openwall.com/lists/oss-security/2024/01/03/3
- https://lists.apache.org/thread/xr6tl91jj2jgcq8pdbrc4d8w13s6xn80
- https://lists.apache.org/thread/xr6tl91jj2jgcq8pdbrc4d8w13s6xn80
- https://www.openoffice.org/security/cves/CVE-2022-47502.html
- https://www.openoffice.org/security/cves/CVE-2022-47502.html