OpenOffice.org Information for VU#225657
Oracle Javadoc HTML frame injection vulnerability
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 24 Jun 2013
No statement is currently available from the vendor regarding this vulnerability.
Vendor: The Apache Software Foundation
Apache OpenOffice 3.4.1 SDK, on all platforms.
Earlier versions may be also affected.
As reported on June 18th there is a vulnerability in JavaDoc generated by Java 5, Java 6 and Java 7 before update 22. Generated JavaDoc files could be suceptible to HTML frame injection attacks. Our investigation indicated that the UDK 3.2.7 Java API Reference in the Apache OpenOffice SDK contains a vulnerable HTML file.
Note: Ordinary installs of OpenOffice are not impacted by this vulnerability. Only installs of the OpenOffice SDK, typically only installed by software developers writing extensions, are impacted
There are no additional comments at this time.