CVE-2016-6803 (GCVE-0-2016-6803)
Vulnerability from cvelistv5
Published
2017-11-13 14:00
Modified
2024-09-16 17:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Trojan Execution (on previously infected system)
Summary
An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache OpenOffice |
Version: 4.0.0 to 4.1.2 Version: Older versions, including some using the previous OpenOffice.org brand, are also affected. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:43:38.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94418",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94418"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openoffice.org/security/cves/CVE-2016-6803.html"
},
{
"name": "1037015",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache OpenOffice",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.1.2"
},
{
"status": "affected",
"version": "Older versions, including some using the previous OpenOffice.org brand, are also affected."
}
]
}
],
"datePublic": "2016-10-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An installer defect known as an \"unquoted Windows search path vulnerability\" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Trojan Execution (on previously infected system)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-14T10:57:01.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "94418",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94418"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openoffice.org/security/cves/CVE-2016-6803.html"
},
{
"name": "1037015",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2016-10-11T00:00:00",
"ID": "CVE-2016-6803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache OpenOffice",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.1.2"
},
{
"version_value": "Older versions, including some using the previous OpenOffice.org brand, are also affected."
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An installer defect known as an \"unquoted Windows search path vulnerability\" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Trojan Execution (on previously infected system)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94418",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94418"
},
{
"name": "https://www.openoffice.org/security/cves/CVE-2016-6803.html",
"refsource": "CONFIRM",
"url": "https://www.openoffice.org/security/cves/CVE-2016-6803.html"
},
{
"name": "1037015",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2016-6803",
"datePublished": "2017-11-13T14:00:00.000Z",
"dateReserved": "2016-08-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:54:04.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…