VDB
CVE-2017-3157
CVE-2017-3157
PUBLISHED
By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back.
EPSS 0.43% · 63.1th percentile
Risk Scores
EPSS Score
0.43%
63.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | libreoffice | 0, 1:5.0.2-0ubuntu1, 1:5.0.2-0ubuntu5 |
| Ubuntu:14.04:LTS | libreoffice | 0, 1:4.1.2~rc3-0ubuntu2, 1:4.1.3-0ubuntu2 |
Timeline
- Feb 22, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- May 13, 2023 EPSS Score
- Sep 15, 2023 EPSS Score
- Jan 18, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-3157 third-party-advisory
- https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/ third-party-advisory
- https://ubuntu.com/security/notices/USN-3210-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-3157 third-party-advisory