Vulnerability Name:

CVE-2013-4156 (CCN-86002)

Assigned:2013-07-26
Published:2013-07-26
Updated:2022-02-07
Summary:Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-787
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2013-4156

Source: OSVDB
Type: Broken Link
95706

Source: BUGTRAQ
Type: Issue Tracking, Mailing List, Third Party Advisory
20130726 CVE-2013-4156: OpenOffice DOCM Memory Corruption Vulnerability

Source: CCN
Type: SA54133
OpenOffice.org PLCF and XML Data Parsing Vulnerabilities

Source: CCN
Type: Open Office Web Site
OpenOffice DOCM Memory Corruption Vulnerability

Source: CONFIRM
Type: Vendor Advisory
http://www.openoffice.org/security/cves/CVE-2013-4156.html

Source: CCN
Type: BID-61468
OpenOffice CVE-2013-4156 Memory Corruption Vulnerability

Source: XF
Type: UNKNOWN
openoffice-cve20134156-code-exec(86002)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-4156

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:openoffice:*:*:*:*:*:*:*:* (Version < 4.0.0)

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:55958
    P
    		Security update for apache2 (Important)
    2021-10-06
    oval:org.opensuse.security:def:56077
    P
    		Security update for webkit2gtk3 (Important)
    2021-10-06
    oval:org.opensuse.security:def:55233
    P
    		Security update for java-1_8_0-openjdk (Important)
    2021-08-20
    oval:org.opensuse.security:def:26104
    P
    		Security update for libcares2 (Important)
    2021-08-16
    oval:org.opensuse.security:def:20134156
    V
    		CVE-2013-4156
    2021-08-15
    oval:org.opensuse.security:def:36479
    P
    		libreoffice-4.0.3.3.26-0.10.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26040
    P
    		Security update for gdm (Important)
    2021-04-28
    oval:org.opensuse.security:def:26029
    P
    		Security update for the Linux Kernel (Important)
    2021-04-15
    oval:org.opensuse.security:def:55884
    P
    		Security update for xorg-x11-server (Important)
    2021-04-14
    oval:org.opensuse.security:def:26028
    P
    		Security update for xorg-x11-server (Important)
    2021-04-13
    oval:org.opensuse.security:def:55996
    P
    		Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)
    2021-04-12
    oval:org.opensuse.security:def:57427
    P
    		Security update for spamassassin (Important)
    2021-04-12
    oval:org.opensuse.security:def:55127
    P
    		Security update for openssl (Important)
    2020-12-11
    oval:org.opensuse.security:def:26567
    P
    		java-1_4_2-ibm on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27095
    P
    		cifs-utils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27326
    P
    		xinetd on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27994
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:54553
    P
    		libgypsy0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55684
    P
    		Security update for libxml2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26454
    P
    		Security update for python-Jinja2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27477
    P
    		libreoffice on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26648
    P
    		wget on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27139
    P
    		gpgme on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27390
    P
    		dhcp-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28033
    P
    		Security update for bsdtar (Important)
    2020-12-01
    oval:org.opensuse.security:def:54554
    P
    		libhogweed2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55792
    P
    		Security update for fontconfig (Low)
    2020-12-01
    oval:org.opensuse.security:def:26605
    P
    		libtiff3 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26705
    P
    		gd on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27777
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:27518
    P
    		mozilla-xulrunner192-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28047
    P
    		Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54576
    P
    		libmysqlclient18 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26658
    P
    		MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26789
    P
    		ntp on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27812
    P
    		Security update for LibreOffice
    2020-12-01
    oval:org.opensuse.security:def:27600
    P
    		Security update for apache2-mod_security2
    2020-12-01
    oval:org.opensuse.security:def:28091
    P
    		Security update for ghostscript-library (Important)
    2020-12-01
    oval:org.opensuse.security:def:54716
    P
    		DirectFB on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26707
    P
    		glib2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26363
    P
    		Security update for libgit2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26940
    P
    		libapr-util1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27657
    P
    		Security update for qemu
    2020-12-01
    oval:org.opensuse.security:def:28729
    P
    		Security update for krb5
    2020-12-01
    oval:org.opensuse.security:def:54954
    P
    		libxslt-tools on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26746
    P
    		libfreebl3 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26364
    P
    		Security update for irssi (Low)
    2020-12-01
    oval:org.opensuse.security:def:26993
    P
    		mutt on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27741
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:28764
    P
    		Security update for LibreOffice
    2020-12-01
    oval:org.opensuse.security:def:26232
    P
    		Security update for openconnect (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26760
    P
    		libpoppler-glib4 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26375
    P
    		Security update for Chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:27042
    P
    		taglib on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27314
    P
    		vino on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27892
    P
    		Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:57353
    P
    		Security update for foomatic-filters (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26313
    P
    		Security update for python-requests (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26804
    P
    		perl-HTML-Parser on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26439
    P
    		Security update for MozillaThunderbird (Important)
    2020-12-01
    oval:org.opensuse.security:def:27081
    P
    		apache2-mod_jk on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27315
    P
    		virt-utils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27945
    P
    		Security update for GraphicsMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55399
    P
    		tftp on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26370
    P
    		Security update for mbedtls (Important)
    2020-12-01
    oval:org.opensuse.security:def:27442
    P
    		libevent-devel on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:26874
    P
    		SUSE-SU-2014:1116-1 -- Security update for LibreOffice
    2014-11-10
    oval:org.opensuse.security:def:80061
    P
    		Security update for LibreOffice
    2014-09-02
    oval:com.ubuntu.precise:def:20134156000
    V
    		CVE-2013-4156 on Ubuntu 12.04 LTS (precise) - low.
    2013-07-31
    oval:com.ubuntu.trusty:def:20134156000
    V
    		CVE-2013-4156 on Ubuntu 14.04 LTS (trusty) - low.
    2013-07-31
    BACK
    apache openoffice *