www.libreoffice.org
Open in
urlscan Pro
2a00:1828:a012:168::1
Public Scan
URL:
https://www.libreoffice.org/about-us/security/advisories/cve-2022-3140/
Submission: On October 13 via api from IN — Scanned from DE
Submission: On October 13 via api from IN — Scanned from DE
Form analysis
1 forms found in the DOMGET /home/SearchForm
<form id="SearchForm_SearchForm" class="navbar-form pull-right" action="/home/SearchForm" method="get" enctype="application/x-www-form-urlencoded">
<!-- <fieldset> -->
<!-- <div id="Search" class="field text nolabel"> -->
<!-- <div class="middleColumn"> -->
<input type="text" placeholder="Search" name="Search" value="" id="SearchForm_SearchForm_Search">
<!-- </div> -->
<!-- </div> -->
<input type="submit" name="action_results" value="Go" class="action btn" id="SearchForm_SearchForm_action_results">
<!-- </fieldset> -->
</form>
Text Content
English | 中文 (简体) | Deutsch | Español | Français | Italiano | More... * Discover * What is LibreOffice? * LibreOffice Technology * New Features * Writer – word processor * Calc – spreadsheet * Impress – presentations * Draw – diagrams * Base – database * Math – formula editor * Charts * What is OpenDocument? * LibreOffice vs OpenOffice * Templates & Extensions * Who uses LibreOffice? * Screenshots * Download * Download LibreOffice * Business users: click here * LibreOffice for Android and iOS * App Stores and Chromebooks * Release Notes * Development versions * Portable versions * LibreOffice as Flatpak * LibreOffice as Snap * LibreOffice as AppImage * LibreOffice Impress Remote * LibreOffice Online * Get Help * Feedback * Community Assistance * Documentation * Installation Instructions * Professional Support * System Requirements * Accessibility * Mailing Lists * Frequently Asked Questions * Improve it * Join us – start here! * What can you do for LibreOffice? * Design * Developers * Docs Team * Infrastructure * Localization * Marketing * Native-Lang Projects * Testing - QA * Wiki * Community map * Grant Request * Events * About Us * Who are we? * Governance * Advisory Board Members * LibreOffice Certification * Licenses * Source Code * Security * Imprint * Credits * LibreOffice Timeline * Privacy Policy * Foundation's Reports * Merchandise * Read our blog * Donate * * About Us / * Security / * Security Advisories / * * CVE-2022-3140 CVE-2022-3140 Title: Macro URL arbitrary script execution Announced: October 11, 2022 Fixed in: LibreOffice 7.3.6/7.4.1 Description: LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. In versions >= 7.3.6 (and >= 7.4.1) such unwanted command URIs are blocked from execution. Credits: * TheSecurityDev working with Trend Micro Zero Day Initiative References: CVE-2022-3140 ABOUT US * Who are we? * Governance * Advisory Board Members * LibreOffice Certification * Licenses * Source Code * Security * Imprint * Credits * LibreOffice Timeline * Privacy Policy * Foundation's Reports * Merchandise * Read our blog FOLLOW US * Our blog * @tdforg * @libreoffice * * Mastodon * * @AskLibreOffice * @LibreOfficeBugs * Mastodon Impressum (Legal Info) | Datenschutzerklärung (Privacy Policy) | Statutes (non-binding English translation) - Satzung (binding German version) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License v2.0. “LibreOffice” and “The Document Foundation” are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy. LibreOffice was based on OpenOffice.org.