CVE-2014-0247

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-0247
LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135020.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-07/msg00006.html Third Party Advisory
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0247.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0377.html Third Party Advisory
http://secunia.com/advisories/57383
http://secunia.com/advisories/59330
http://secunia.com/advisories/60799
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml Third Party Advisory
http://www.securityfocus.com/bid/68151 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2253-1 Third Party Advisory
https://bugs.mageia.org/show_bug.cgi?id=13580 Issue Tracking
https://gerrit.libreoffice.org/gitweb?p=core.git%3Ba=blobdiff%3Bf=sfx2/source/doc/docmacromode.cxx%3Bh=4d4ae52b4339582a039744d03671c1db0633d6c3%3Bhp=2108d1920f8148ff60fd4a57684f295d6d733e7b%3Bhb=1b0402f87c9b17fef2141130bfaa1798ece6ba0d%3Bhpb=4d2113250fa7ed62fe2c53ed0f76e3de5875cb81
https://www.libreoffice.org/about-us/security/advisories/cve-2014-0247/ Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:libreoffice:libreoffice:4.2.4:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
History

13 Feb 2023, 00:37

Type Values Removed Values Added
Summary It was found that LibreOffice documents executed macros unconditionally, without user approval, when these documents were opened using LibreOffice. An attacker could use this flaw to execute arbitrary code as the user running LibreOffice by embedding malicious VBA scripts in the document as macros. LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.
References
  • {'url': 'https://access.redhat.com/security/cve/CVE-2014-0247', 'name': 'https://access.redhat.com/security/cve/CVE-2014-0247', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:0377', 'name': 'https://access.redhat.com/errata/RHSA-2015:0377', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1111083', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1111083', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 15:16

Type Values Removed Values Added
References
  • {'url': 'https://gerrit.libreoffice.org/gitweb?p=core.git;a=blobdiff;f=sfx2/source/doc/docmacromode.cxx;h=4d4ae52b4339582a039744d03671c1db0633d6c3;hp=2108d1920f8148ff60fd4a57684f295d6d733e7b;hb=1b0402f87c9b17fef2141130bfaa1798ece6ba0d;hpb=4d2113250fa7ed62fe2c53ed0f76e3de5875cb81', 'name': 'https://gerrit.libreoffice.org/gitweb?p=core.git;a=blobdiff;f=sfx2/source/doc/docmacromode.cxx;h=4d4ae52b4339582a039744d03671c1db0633d6c3;hp=2108d1920f8148ff60fd4a57684f295d6d733e7b;hb=1b0402f87c9b17fef2141130bfaa1798ece6ba0d;hpb=4d2113250fa7ed62fe2c53ed0f76e3de5875cb81', 'tags': ['Issue Tracking', 'Patch'], 'refsource': 'MISC'}
  • (MISC) https://access.redhat.com/security/cve/CVE-2014-0247 -
  • (MISC) https://gerrit.libreoffice.org/gitweb?p=core.git%3Ba=blobdiff%3Bf=sfx2/source/doc/docmacromode.cxx%3Bh=4d4ae52b4339582a039744d03671c1db0633d6c3%3Bhp=2108d1920f8148ff60fd4a57684f295d6d733e7b%3Bhb=1b0402f87c9b17fef2141130bfaa1798ece6ba0d%3Bhpb=4d2113250fa7ed62fe2c53ed0f76e3de5875cb81 -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0377 -
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1111083 -
Summary LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx. It was found that LibreOffice documents executed macros unconditionally, without user approval, when these documents were opened using LibreOffice. An attacker could use this flaw to execute arbitrary code as the user running LibreOffice by embedding malicious VBA scripts in the document as macros.
Information

Published : 2014-07-03 17:55

Updated : 2023-12-10 11:31

NVD link : CVE-2014-0247

Mitre link : CVE-2014-0247

CVE.ORG link : CVE-2014-0247

JSON object : View

Products Affected

redhat

  • enterprise_linux_desktop
  • enterprise_linux_server
  • enterprise_linux_workstation

libreoffice

  • libreoffice

opensuse

  • opensuse

canonical

  • ubuntu_linux

fedoraproject

  • fedora
CWE
NVD-CWE-noinfo