Primary

Context

Apache OpenOffice Missing Authorization Vulnerability in DDE Link Handling

Vulnerability

A missing authorization vulnerability in Apache OpenOffice allows external links in documents to be loaded without user prompt. This issue affects versions through 4.1.15. In the vulnerable versions, Calc spreadsheets with DDE links to external files would automatically load the contents of those files without asking for permission.

Impact

Exploitation of this vulnerability could lead to unauthorized access to external files linked within an OpenOffice Calc spreadsheet, potentially allowing sensitive information to be accessed without user consent.

Remediation

Users are advised to upgrade to Apache OpenOffice version 4.1.16, which addresses this vulnerability. The latest version can be downloaded from the Apache OpenOffice download page.

Added: Nov 12, 2025, 9:17 AM

Updated: Nov 12, 2025, 6:12 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.4

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.4

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache OpenOffice Missing Authorization Vulnerability in DDE Link Handling

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating