CVE-2017-3157

Published: Nov 20, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2017-12291 Aliases: GSD-2017-3157
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,5
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
MEDIUM 4,3
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0106
Percentile
0,8th
Updated

EPSS Score Trend (Last 90 Days)

200

Exposure of Sensitive Information to an Unauthorized Actor

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies: Mobile, Not Technology-Specific, Web Based
Likelihood of Exploit: High
View CWE Details
Operating System

Enterprise Linux Server Tus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Tus
Version 7.3
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Desktop by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Desktop
Version 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server
Version 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Workstation by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Workstation
Version 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Aus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Aus
Version 7.3
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Openoffice by Apache

Product Information
Vendor Apache
Product Openoffice
Version Range Affected
To 4.1.3 (inclusive)
cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server
Version 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Eus
Version 7.4
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Eus
Version 7.5
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Eus
Version 7.3
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Aus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Aus
Version 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Tus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Tus
Version 7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Eus
Version 7.6
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Aus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Aus
Version 7.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Workstation by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Workstation
Version 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Desktop by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Desktop
Version 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://access.redhat.com/errata/RHSA-2017:0914
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0914
https://access.redhat.com/errata/RHSA-2017:0979
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0979
https://www.debian.org/security/2017/dsa-3792
Issue Tracking Third Party Advisory
https://www.debian.org/security/2017/dsa-3792
https://www.openoffice.org/security/cves/CVE-2017-3157.html
Issue Tracking Vendor Advisory
https://www.openoffice.org/security/cves/CVE-2017-3157.html
http://www.securityfocus.com/bid/96402
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/96402
http://www.securitytracker.com/id/1037893
Issue Tracking Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037893
https://access.redhat.com/errata/RHSA-2017:0914
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0914
https://access.redhat.com/errata/RHSA-2017:0979
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0979
https://www.debian.org/security/2017/dsa-3792
Issue Tracking Third Party Advisory
https://www.debian.org/security/2017/dsa-3792
https://www.openoffice.org/security/cves/CVE-2017-3157.html
Issue Tracking Vendor Advisory
https://www.openoffice.org/security/cves/CVE-2017-3157.html
http://www.securityfocus.com/bid/96402
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/96402
http://www.securitytracker.com/id/1037893
Issue Tracking Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037893