CVE-2020-13958

HIGH

Apache OpenOffice 4.0.0-4.1.7 - Unauthenticated Arbitrary Executable Execution via Hyperlink in Scripting Events

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-13958. PoCs published by Grey-Junior.

AI-analyzed exploit summary This PoC crafts a malicious ODT file exploiting CVE-2020-13958, a hyperlink and scripting-event handling flaw in Apache OpenOffice (not an XML External Entity issue). The document embeds a hyperlink, with an attached event listener, that points at an executable on the victim's file system; the event fires when the document is opened and the executable is launched without any user interaction beyond opening the file.

Description

A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks that point to an executable on the target user's file system. These hyperlinks can be triggered unconditionally, that is, by a document event rather than by the user clicking. In fixed versions (4.1.8 and later) no internal protocol may be invoked from a document event handler, and other hyperlinks require a Ctrl+click before they are followed.
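The pattern described above is visible in the ODF package itself: a `text:a` (or `draw:a`) hyperlink whose `xlink:href` resolves to a local executable, and an `office:event-listeners` block (on the hyperlink or under `office:scripts`) that fires it. The following scanner is an added example for this page, not code from the tracked PoC or from Apache OpenOffice. The element and attribute names are taken from the ODF 1.2 schema; the `make_sample_odt()` fixture, its event names and its `vnd.sun.star.script:` URL are constructed for the demonstration and are assumptions, not the PoC's payload.

```python
"""Scan an ODF package for hyperlinks and event listeners of the shape
described for CVE-2020-13958. Added example; not the PoC, not OpenOffice code.
Schema names are ODF 1.2; the fixture below is constructed."""
import io
import xml.etree.ElementTree as ET
import zipfile
from urllib.parse import urlparse

NS = {
    "office": "urn:oasis:names:tc:opendocument:xmlns:office:1.0",
    "text": "urn:oasis:names:tc:opendocument:xmlns:text:1.0",
    "draw": "urn:oasis:names:tc:opendocument:xmlns:drawing:1.0",
    "script": "urn:oasis:names:tc:opendocument:xmlns:script:1.0",
    "xlink": "http://www.w3.org/1999/xlink",
}
HREF = "{%s}href" % NS["xlink"]
EVENT = "{%s}event-name" % NS["script"]

# Extensions a document hyperlink has no business pointing at on local disk.
EXEC_SUFFIXES = (".exe", ".com", ".bat", ".cmd", ".scr", ".msi", ".ps1",
                 ".vbs", ".js", ".jar", ".sh")
# Office-internal URL schemes; fixed builds refuse these from event handlers.
INTERNAL_SCHEMES = ("vnd.sun.star.script:", "vnd.sun.star.cmd:", "macro:",
                    "slot:", ".uno:")


def classify_href(href):
    """Return 'internal-protocol', 'local-executable' or None for an href."""
    if not href:
        return None
    h = href.strip()
    if h.lower().startswith(INTERNAL_SCHEMES):
        return "internal-protocol"
    u = urlparse(h)
    # "", "file" or a one-letter drive scheme ("C:...") all mean local disk.
    local = u.scheme in ("", "file") or len(u.scheme) == 1
    if local and u.path.lower().endswith(EXEC_SUFFIXES):
        return "local-executable"
    return None


def scan_xml(xml_bytes):
    """Findings for one ODF XML stream (content.xml or styles.xml)."""
    findings = []
    root = ET.fromstring(xml_bytes)
    # Every event listener, recorded with the element it is attached to
    # (e.g. 'scripts' for document-level events, 'a' for a hyperlink).
    for parent in root.iter():
        for lis in parent.findall("office:event-listeners/script:event-listener", NS):
            findings.append({"kind": "event-listener",
                             "on": parent.tag.rsplit("}", 1)[-1],
                             "event": lis.get(EVENT), "href": lis.get(HREF),
                             "reason": classify_href(lis.get(HREF))})
    # Hyperlinks that target a local executable or carry their own listener.
    for prefix in ("text", "draw"):
        for a in root.iter("{%s}a" % NS[prefix]):
            reason = classify_href(a.get(HREF))
            has_listener = a.find("office:event-listeners", NS) is not None
            if reason or has_listener:
                findings.append({"kind": "hyperlink", "href": a.get(HREF),
                                 "reason": reason, "has_listener": has_listener})
    return findings


def scan_odt(data):
    """Scan an ODF package given as bytes; returns a list of findings."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in ("content.xml", "styles.xml"):
            if name in zf.namelist():
                findings.extend(scan_xml(zf.read(name)))
    return findings


# Constructed fixture (assumption, not the PoC): a document-level OnLoad
# listener, a hyperlink to a local executable with its own listener, and
# one benign link that must not be flagged.
SAMPLE_CONTENT_XML = """<?xml version="1.0" encoding="UTF-8"?>
<office:document-content office:version="1.2"
  xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0"
  xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0"
  xmlns:script="urn:oasis:names:tc:opendocument:xmlns:script:1.0"
  xmlns:xlink="http://www.w3.org/1999/xlink">
  <office:scripts><office:event-listeners>
    <script:event-listener script:event-name="dom:load" script:language="ooo:script"
      xlink:href="vnd.sun.star.script:Standard.Module1.Main?language=Basic&amp;location=document"/>
  </office:event-listeners></office:scripts>
  <office:body><office:text>
    <text:p><text:a xlink:type="simple" xlink:href="file:///C:/Windows/System32/calc.exe">
      <office:event-listeners>
        <script:event-listener script:event-name="dom:mouseover" script:language="ooo:script"
          xlink:href="vnd.sun.star.script:Standard.Module1.Main?language=Basic&amp;location=document"/>
      </office:event-listeners>Q3 report</text:a></text:p>
    <text:p><text:a xlink:type="simple" xlink:href="https://example.org/report">benign link</text:a></text:p>
  </office:text></office:body>
</office:document-content>
"""


def make_sample_odt():
    """Build an in-memory ODT package around the constructed fixture."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # ODF requires an uncompressed 'mimetype' entry first in the archive.
        zf.writestr(zipfile.ZipInfo("mimetype"),
                    "application/vnd.oasis.opendocument.text",
                    compress_type=zipfile.ZIP_STORED)
        zf.writestr("content.xml", SAMPLE_CONTENT_XML)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_odt(make_sample_odt()):
        print(finding)
```

Run it against a real `.odt` by passing the file's bytes to `scan_odt()`. A hit on `local-executable` alone is already worth quarantining on unpatched 4.1.7 and older; a hit combined with an event listener on the same hyperlink, or a `dom:load` listener under `office:scripts` calling an internal protocol, is the unconditional trigger the description refers to. The check is heuristic: a hyperlink to a legitimate installer will also be flagged, and listener event names vary by producer, which is why the scanner reports every listener rather than filtering on a name.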

Exploits (1)

nomisec WORKING POC
by Grey-Junior · poc
https://github.com/Grey-Junior/CVE-2020-13958


Classification
Working PoC 90%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Apache OpenOffice < 4.1.8
No auth needed
Prerequisites: Victim must open the crafted ODT file in a vulnerable version of Apache OpenOffice
mistral-large-3 · analyzed Feb 16, 2026

Scores

CVSS v3 7.8
EPSS 0.0269
EPSS Percentile 84.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
apache/openoffice 4.0.0 - 4.1.7 (fixed in 4.1.8)
Published Nov 17, 2020
Tracked Since Feb 18, 2026