CVE-2016-6803

EPSS 0.12%
Published 13.11.2017 14:29:00
Last modified 20.04.2025 01:37:25
Source security@apache.org
Teams watchlist Login
Open Login

An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Openoffice Version <= 4.1.2

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.275

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

http://www.securityfocus.com/bid/94418

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1037015

Third Party Advisory

VDB Entry

https://www.openoffice.org/security/cves/CVE-2016-6803.html

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2016-6803

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-6803

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-6803

EUVD