CVE-2020-13958
First published: Tue Nov 17 2020(Updated: )
A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache OpenOffice | >=4.0.0<4.1.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-13958?
CVE-2020-13958 is rated as a medium-severity vulnerability.
How do I fix CVE-2020-13958?
To fix CVE-2020-13958, upgrade Apache OpenOffice to version 4.1.9 or later.
What systems are affected by CVE-2020-13958?
CVE-2020-13958 affects Apache OpenOffice versions between 4.0.0 and 4.1.8.
What type of attack does CVE-2020-13958 allow?
CVE-2020-13958 allows attackers to create documents with hyperlinks that can execute files on the victim's system.
Is there a patch for CVE-2020-13958?
Yes, a patch for CVE-2020-13958 is included in the update to Apache OpenOffice version 4.1.9.
- agent/type
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/source
- vendor/apache
- canonical/apache openoffice
- version/apache openoffice/4.0.0