Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability

Bugtraq ID:	69351
Class:	Input Validation Error
CVE:	CVE-2014-3524
Remote:	Yes
Local:	No
Published:	Aug 21 2014 12:00AM
Updated:	Jul 05 2016 09:41PM
Credit:	Rohan Durve and James Kettle of Context Information Security.
Vulnerable:	OpenOffice OpenOffice 3.1.1 OpenOffice OpenOffice 3.1 OpenOffice OpenOffice 2.4.3 OpenOffice OpenOffice 2.4.2 OpenOffice OpenOffice 2.4.1 OpenOffice OpenOffice 2.3.1 OpenOffice OpenOffice 2.3 OpenOffice OpenOffice 2.2.1 OpenOffice OpenOffice 2.2 OpenOffice OpenOffice 2.0.4 OpenOffice OpenOffice 2.0.3 OpenOffice OpenOffice 2.0.2 OpenOffice OpenOffice 2.0.1 OpenOffice OpenOffice 1.9.125 OpenOffice OpenOffice 1.9.79 OpenOffice OpenOffice 1.9.29 OpenOffice OpenOffice 1.1.52 OpenOffice OpenOffice 1.1.51 OpenOffice OpenOffice 1.1.5 OpenOffice OpenOffice 1.1.4 + Gentoo Linux OpenOffice OpenOffice 1.1.3 + Gentoo Linux + Red Hat Fedora Core3 + Ubuntu Ubuntu Linux 5.0 4 powerpc + Ubuntu Ubuntu Linux 5.0 4 i386 + Ubuntu Ubuntu Linux 5.0 4 amd64 OpenOffice OpenOffice 1.1.2 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 OpenOffice OpenOffice 1.1.1 OpenOffice OpenOffice 1.0.3 OpenOffice OpenOffice 1.0.2 OpenOffice OpenOffice 1.0.1 OpenOffice OpenOffice 3.4 OpenOffice OpenOffice 3.3 OpenOffice OpenOffice 3.2 OpenOffice OpenOffice 2.4 OpenOffice OpenOffice 2.2 OpenOffice OpenOffice 2.1 Gentoo Linux
Not Vulnerable:

Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability

Apache OpenOffice Calc is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input.

Successfully exploiting this issue may allow an attacker to execute arbitrary commands in context of the affected application.

Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.