vulnerability

Apache OpenOffice: CVE-2016-6803: Windows Installer Can Enable Privileged Trojan Execution

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Nov 13, 2017	Sep 12, 2025	Sep 12, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Nov 13, 2017

Added

Sep 12, 2025

Modified

Sep 12, 2025

Description

An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit.

Solution

apache-openoffice-upgrade-latest

References

CWE-426
CVE-2016-6803
https://attackerkb.com/topics/CVE-2016-6803
URL-https://www.openoffice.org/security/cves/CVE-2016-6803.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today