CVE-2017-3157

medium Apache
CVSS v3 Base Score
5.5
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
0.8%
Exploitation probability in 30 days
Top 26% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
High
Integrity
None
Availability
None
Published: November 20, 2017 (3097 days ago)
Last Modified: May 13, 2026
Vendor: Apache
Source: NVD

Description

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back.

CWE

CWE-200

Affected Products

apache openofficedebian debian linuxredhat enterprise linux desktopredhat enterprise linux serverredhat enterprise linux server ausredhat enterprise linux server eusredhat enterprise linux server tusredhat enterprise linux workstation

References

🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 access.redhat.com 🔗 access.redhat.com 🔗 www.debian.org