Apache OpenOffice prior to 4.1.3 Search Path untrusted search path

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.4 | $0-$5k | 0.00 |
Summary
A vulnerability marked as problematic has been reported in Apache OpenOffice. It affects unknown functionality of the Search Path Handler component. Manipulation leads to an untrusted search path. The vulnerability is tracked as CVE-2016-6803. The attack requires local access. No exploit is available. Upgrading the affected component is recommended.
Details
A vulnerability classified as problematic was found in Apache OpenOffice (Office Suite Software). It affects unknown code of the Search Path Handler component. Manipulation with an unknown input leads to an untrusted search path vulnerability. The CWE definition for the vulnerability is CWE-426: the product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. The known impact is on confidentiality, integrity, and availability.
The bug was discovered on 10/11/2016. The weakness was presented on 11/25/2016 by Cyril Vallicari with Apache as "CVE 2016-6803: Apache OpenOffice Unquoted Search Path Vulnerability", a confirmed mailing list post (Bugtraq). The advisory is shared at seclists.org. The public release was coordinated in cooperation with Apache. This vulnerability has been known as CVE-2016-6803 since 08/12/2016. Exploitation appears to be easy. The attack has to be carried out locally. A single authentication is needed for exploitation. Neither technical details nor an exploit are publicly available. The MITRE ATT&CK project uses the attack technique T1574 for this issue.
The vulnerability scanner Nessus provides a plugin with the ID 94199 (Apache OpenOffice < 4.1.3 Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows and running in the context l.
Upgrading to version 4.1.3 eliminates this vulnerability. A possible mitigation was published before, not after, the disclosure of the vulnerability. The mailing list post contains the following remark:
Ensure that there are no programs installed at the top-level folder (usually C:\) where Windows is installed. All are dangerous, especially ones named "Program", whether "Program.exe" or some other variation. If such programs are found, install or update to current anti-virus/-malware software. Perform a complete system scan. The scan may provide for removal of programs where there should not be any. If that does not happen, it is necessary to remove any Program.exe and others manually using administrator privilege.
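A minimal audit for the remark above, as an added example that is not part of the advisory or of OpenOffice: it lists programs sitting directly in a drive's top-level folder and marks those whose name shadows a folder name cut at a space (the "Program.exe" case). The extension list, the function names and the temporary-directory sample tree are assumptions constructed for the example; on a real system pass the drive root (usually C:\) to `audit_root`.

```python
import os
import tempfile

# Extensions treated as runnable programs (assumed list for this example).
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif"}


def space_prefixes(dirname):
    """'Program Files (x86)' -> ['Program', 'Program Files']."""
    parts = dirname.split(" ")
    return [" ".join(parts[:i]) for i in range(1, len(parts))]


def audit_root(root):
    """Return (filename, shadows_folder) for each program directly in root."""
    entries = sorted(os.listdir(root))
    dirs = [e for e in entries if os.path.isdir(os.path.join(root, e))]
    shadow = {p.lower() for d in dirs for p in space_prefixes(d)}
    findings = []
    for name in entries:
        if not os.path.isfile(os.path.join(root, name)):
            continue
        stem, ext = os.path.splitext(name)
        shadows = stem.lower() in shadow
        # Report every program; also report extension-less look-alikes
        # ("Program" with no suffix), the "other variation" in the remark.
        if ext.lower() in EXECUTABLE_EXTS or (ext == "" and shadows):
            findings.append((name, shadows))
    return findings


def demo():
    """Audit a constructed stand-in for a drive root (not real data)."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("Program Files", "Program Files (x86)", "Windows"):
            os.mkdir(os.path.join(root, d))
        for f in ("Program.exe", "setup.exe", "notes.txt"):
            open(os.path.join(root, f), "w").close()
        return audit_root(root)


if __name__ == "__main__":
    for name, shadows in demo():
        note = "shadows a space-containing folder name" if shadows else "review"
        print(f"{name}: {note}")
```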
The vulnerability is also documented in the databases at Tenable (94199) and SecurityFocus (BID 94418). See VDB-92722 and VDB-92723 for similar entries.
Product
Version
- 1.0.1
- 1.0.2
- 1.0.9221
- 1.1.0
- 1.1.1
- 1.1.2
- 1.1.3
- 1.1.4
- 2.0.0
- 2.0.1
- 2.0.2
- 2.0.3
- 2.0.3 1
- 2.0.4
- 2.0beta
- 2.1
- 2.1.0
- 2.2
- 2.2.0
- 2.2.1
- 2.3
- 2.3.0
- 2.4.0
- 2.4.1
- 2.4.2
- 3.0.0
- 3.0.1
- 3.1.0
- 3.1.1
- 3.1.9420
- 3.2.0
- 3.2.1
- 3.3
- 3.3.0
- 3.3.9567
- 3.4
- 3.4.0
- 3.4.1
- 4.0
- 4.0.0
- 4.0.1
- 4.1.0
- 4.1.1
- 4.1.2
Website
- Vendor: https://www.apache.org/
CVSSv3
VulDB Meta Base Score: 6.5
VulDB Meta Temp Score: 6.4
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
NVD Base Score: 7.8
Exploiting
Class: Untrusted search path
CWE: CWE-426
Physical: Partially
Local: Yes
Remote: Yes
Status: Not defined
Nessus ID: 94199
Nessus Name: Apache OpenOffice < 4.1.3 Multiple Vulnerabilities
OpenVAS ID: 803909
OpenVAS Name: Apache OpenOffice Unquoted Search Path And Remote Code Execution Vulnerabilities
Countermeasures
Recommended: Upgrade
Upgrade: OpenOffice 4.1.3
Timeline
08/12/2016
10/11/2016
10/11/2016
10/21/2016
11/20/2016
11/25/2016
11/28/2016
11/13/2017
10/04/2022
Sources
Vendor: apache.org
Advisory: CVE 2016-6803: Apache OpenOffice Unquoted Search Path Vulnerability
Researcher: Cyril Vallicari
Organization: Apache
Status: Confirmed
CVE: CVE-2016-6803
GCVE (CVE): GCVE-0-2016-6803
GCVE (VulDB): GCVE-100-93853
SecurityFocus: 94418 - Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
SecurityTracker: 1037015
Entry
Created: 11/28/2016 11:17
Updated: 10/04/2022 15:37
Changes: 11/28/2016 11:17 (66), 07/17/2019 18:51 (17), 10/04/2022 15:37 (4)