Executive Summary

Information
Name CVE-2014-3575 First vendor Publication 2014-08-26
Vendor Cve Last vendor Modification 2022-02-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
Impact SubScore NA Temporal Score NA
Exploitability Sub Score NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Exploit Score 8.6 Authentication None Required

Detail

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3575

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26874
 
Oval ID: oval:org.mitre.oval:def:26874
Title: SUSE-SU-2014:1116-1 -- Security update for LibreOffice
Description: LibreOffice was updated to version 4.0.3.3.26. (SUSE 4.0-patch26, tag suse-4.0-26, based on upstream 4.0.3.3)
Two security issues have been fixed:
  * DOCM memory corruption vulnerability. (CVE-2013-4156, bnc#831578)
  * Data exposure using crafted OLE objects. (CVE-2014-3575, bnc#893141)
The following non-security issues have been fixed:
  * chart shown flipped (bnc#834722)
  * chart missing dataset (bnc#839727)
  * import new line in text (bnc#828390)
  * lines running off screens (bnc#819614)
  * add set-all language menu (bnc#863021)
  * text rotation (bnc#783433, bnc#862510)
  * page border shadow testcase (bnc#817956)
  * one more clickable field fix (bnc#802888)
  * multilevel labels are rotated (bnc#820273)
  * incorrect nested table margins (bnc#816593)
  * use BitmapURL only if its valid (bnc#821567)
  * import gradfill for text colors (bnc#870234)
  * fix undo of paragraph attributes (bnc#828598)
  * stop-gap solution to avoid crash (bnc#830205)
  * import images with duotone filter (bnc#820077)
  * missing drop downs for autofilter (bnc#834705)
  * typos in first page style creation (bnc#820836)
  * labels wrongly interpreted as dates (bnc#834720)
  * RTF import of fFilled shape property (bnc#825305)
  * placeholders text size is not correct (bnc#831457)
  * cells value formatted with wrong output (bnc#821795)
  * RTF import of freeform shape coordinates (bnc#823655)
  * styles (rename &) copy to different decks (bnc#757432)
  * XLSX Chart import with internal data table (bnc#819822)
  * handle M.d.yyyy date format in DOCX import (bnc#820509)
  * paragraph style in empty first page header (bnc#823651)
  * copying slides having same master page name (bnc#753460)
  * printing handouts using the default, 'Order' (bnc#835985)
  * wrap polygon was based on dest size of picture (bnc#820800)
  * added common flags support for SEQ field import (bnc#825976)
  * hyperlinks of illustration index in DOCX export (bnc#834035)
  * allow insertion of redlines with an empty author (bnc#837302)
  * handle drawinglayer rectangle inset in VML import (bnc#779642)
  * don't apply complex font size to non-complex font (bnc#820819)
  * issue with negative seeks in win32 shell extension (bnc#829017)
  * slide appears quite garbled when imported from PPTX (bnc#593612)
  * initial MCE support in writerfilter ooxml tokenizer (bnc#820503)
  * MSWord uses xb for linebreaks in DB fields, take 2 (bnc#878854)
  * try harder to convert floating tables to text frames (bnc#779620)
  * itemstate in parent style incorrectly reported as set (bnc#819865)
  * default color hidden by Default style in writerfilter (bnc#820504)
  * DOCX document crashes when using internal OOXML filter (bnc#382137)
  * ugly workaround for external leading with symbol fonts (bnc#823626)
  * followup fix for exported xlsx causes errors for mso2007 (bnc#823935)
  * we only support simple labels in the InternalDataProvider (bnc#864396)
  * RTF import: fix import of numbering bullet associated font (bnc#823675)
  * page specific footer extended to every pages in DOCX export (bnc#654230)
  * v:textbox mso-fit-shape-to-text style property in VML import (bnc#820788)
  * w:spacing in a paragraph should also apply to as-char objects (bnc#780044)
  * compatibility setting for MS Word wrapping text in less space (bnc#822908)
  * fix SwWrtShell::SelAll() to work with empty table at doc start (bnc#825891)
Security Issues:
  * CVE-2014-3575 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3575>
  * CVE-2013-4156 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4156>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1116-1
CVE-2013-4156
CVE-2014-3575
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 11
Product(s): LibreOffice
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27913
 
Oval ID: oval:org.mitre.oval:def:27913
Title: USN-2400-1 -- LibreOffice vulnerability
Description: It was discovered that LibreOffice incorrectly handled OLE preview generation. If a user were tricked into opening a crafted document, an attacker could possibly exploit this to embed arbitrary data into documents.
Family: unix Class: patch
Reference(s): USN-2400-1
CVE-2014-3575
Version: 3
Platform(s): Ubuntu 12.04
Product(s): libreoffice
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 12
Application 194
Os 1
Os 1
Os 1

Information Assurance Vulnerability Management (IAVM)

Date Description
2014-08-28 IAVM : 2014-B-0117 - Multiple Vulnerabilities in Apache OpenOffice
Severity : Category II - VMSKEY : V0054059

Nessus® Vulnerability Scanner

Date Description
2016-10-12 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_ab947396901811e6a59014dae9d210b8.nasl - Type : ACT_GATHER_INFO
2016-03-10 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201603-05.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150305_libreoffice_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-03-18 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0377.nasl - Type : ACT_GATHER_INFO
2015-03-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0377.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0377.nasl - Type : ACT_GATHER_INFO
2014-12-17 Name : The remote host contains an application that is affected by multiple vulnerab...
File : libreoffice_4263.nasl - Type : ACT_GATHER_INFO
2014-12-17 Name : The remote host contains an application that is affected by multiple vulnerab...
File : libreoffice_431.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2400-1.nasl - Type : ACT_GATHER_INFO
2014-09-16 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-540.nasl - Type : ACT_GATHER_INFO
2014-09-15 Name : The remote Fedora host is missing a security update.
File : fedora_2014-10732.nasl - Type : ACT_GATHER_INFO
2014-09-12 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libreoffice-201409-140902.nasl - Type : ACT_GATHER_INFO
2014-08-27 Name : The remote Windows host has an application installed that is affected by mult...
File : openoffice_411.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/69354
BUGTRAQ http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html
CONFIRM http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/
http://www.openoffice.org/security/cves/CVE-2014-3575.html
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2014-September/1376...
GENTOO https://security.gentoo.org/glsa/201603-05
REDHAT http://rhn.redhat.com/errata/RHSA-2015-0377.html
SECTRACK http://www.securitytracker.com/id/1030754
SECUNIA http://secunia.com/advisories/59600
http://secunia.com/advisories/59877
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/95420

Alert History

Date Information
2024-02-15 12:24:42
  • Multiple Updates
2024-02-08 12:24:40
  • Multiple Updates
2022-02-08 12:16:46
  • Multiple Updates
2021-05-04 12:32:21
  • Multiple Updates
2021-04-22 01:39:27
  • Multiple Updates
2020-05-23 01:52:11
  • Multiple Updates
2020-05-23 00:41:06
  • Multiple Updates
2019-06-13 12:06:11
  • Multiple Updates
2017-08-29 09:24:35
  • Multiple Updates
2017-01-07 09:25:36
  • Multiple Updates
2016-12-03 09:23:57
  • Multiple Updates
2016-11-29 00:24:55
  • Multiple Updates
2016-10-13 13:25:06
  • Multiple Updates
2016-09-02 17:24:33
  • Multiple Updates
2016-04-27 00:52:26
  • Multiple Updates
2016-03-11 13:26:30
  • Multiple Updates
2015-12-05 13:26:34
  • Multiple Updates
2015-10-18 17:22:37
  • Multiple Updates
2015-03-27 13:28:14
  • Multiple Updates
2015-03-19 13:28:05
  • Multiple Updates
2015-03-18 09:26:52
  • Multiple Updates
2015-03-06 13:25:48
  • Multiple Updates
2014-12-18 13:25:32
  • Multiple Updates
2014-11-12 13:27:12
  • Multiple Updates
2014-09-17 13:25:46
  • Multiple Updates
2014-09-16 13:26:28
  • Multiple Updates
2014-09-13 13:43:06
  • Multiple Updates
2014-08-28 13:24:40
  • Multiple Updates
2014-08-27 21:23:34
  • Multiple Updates
2014-08-27 09:22:18
  • First insertion