CVE-2015-4551

medium

Description

LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.

References

http://www.debian.org/security/2015/dsa-3394

http://www.ubuntu.com/usn/USN-2793-1

http://www.openoffice.org/security/cves/CVE-2015-4551.html

http://www.securitytracker.com/id/1034091

http://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/

http://www.securitytracker.com/id/1034085

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/77486

https://security.gentoo.org/glsa/201603-05

http://rhn.redhat.com/errata/RHSA-2015-2619.html

https://security.gentoo.org/glsa/201611-03

Details

Source: MITRE

Published: 2015-11-10

Updated: 2022-02-07

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM