vulnerability
FreeBSD: VID-4f15ca7b-23ae-11eb-9f59-1c1b0d9ea7e6 (CVE-2020-13958): Apache OpenOffice -- Unrestricted actions leads to arbitrary code execution in crafted documents
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Nov 10, 2020 | Nov 11, 2020 | Dec 10, 2025 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Nov 10, 2020
Added
Nov 11, 2020
Modified
Dec 10, 2025
Description
The Apache Openofffice project reports: CVE-2020-13958 Unrestricted actions leads to arbitrary code execution in crafted documents Description A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click. Severity: Low There are no known exploits of this vulnerability.A proof-of-concept demonstration exists. Thanks to the reporter for discovering this issue. Acknowledgments The Apache OpenOffice Security Team would like to thank Imre Rad for discovering and reporting this attack vector.
Solutions
freebsd-upgrade-package-apache-openofficefreebsd-upgrade-package-apache-openoffice-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.