CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects
-----BEGIN PGP SIGNED MESSAGE-----
OpenOffice Targeted Data Exposure Using Crafted OLE Objects
Vendor: The Apache Software Foundation
Apache OpenOffice 4.1.0 and older on Windows.
OpenOffice.org versions are also affected.
The exposure exploits the way OLE previews are generated to embed arbitrary file data into a specially crafted document when it is opened. Data exposure is possible if the updated document is distributed to other parties.
Apache OpenOffice users are advised to upgrade to Apache OpenOffice 4.1.1. Users who are unable to upgrade immediately should be cautious when they are asked to "Update Links" for untrusted documents.
The Apache OpenOffice security team credits Open-Xchange for reporting this flaw.
Member of the Apache OpenOffice Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Cygwin)