CVE-2020-13958
Summary
| CVE | CVE-2020-13958 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-11-17 16:15:00 UTC |
| Updated | 2020-12-01 15:07:00 UTC |
| Description | A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Openoffice | All | All | All | All |
| Application | Apache | Openoffice | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Pony Mail! | MISC | lists.apache.org | Mailing List, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 690415 Free Berkeley Software Distribution (FreeBSD) Security Update for apache openoffice (4f15ca7b-23ae-11eb-9f59-1c1b0d9ea7e6)