CVE-2023-47804
HIGHApache OpenOffice < 4.1.15 - Unauthenticated Arbitrary Script Execution via Macro Link Activation
Title source: llmDescription
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. This is a corner case of CVE-2022-47502.
References (3)
Core 3
Core References
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/01/03/3
Patch, Vendor Advisory
https://www.openoffice.org/security/cves/CVE-2023-47804.html
Mailing List, Vendor Advisory vendor-advisory
https://lists.apache.org/thread/ygp59swfcy6g46jf8v9s6qpwmxn8fsvb
Scores
CVSS v3
8.8
EPSS
0.0273
EPSS Percentile
84.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-88
CWE-20
Status
published
Products (1)
apache/openoffice
< 4.1.15
Published
Dec 29, 2023
Tracked Since
Feb 18, 2026