OpenOffice.org Information for VU#225657

Oracle Javadoc HTML frame injection vulnerability

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Vendor: The Apache Software Foundation

Versions Affected:

Apache OpenOffice 3.4.1 SDK, on all platforms.
Earlier versions may be also affected.

Description:

As reported on June 18th there is a vulnerability in JavaDoc generated by Java 5, Java 6 and Java 7 before update 22. Generated JavaDoc files could be suceptible to HTML frame injection attacks. Our investigation indicated that the UDK 3.2.7 Java API Reference in the Apache OpenOffice SDK contains a vulnerable HTML file.

Note: Ordinary installs of OpenOffice are not impacted by this vulnerability. Only installs of the OpenOffice SDK, typically only installed by software developers writing extensions, are impacted

Vendor References

http://www.openoffice.org/security/cves/CVE-2013-1571.html

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.