CVE-2014-3524

Title: CVE-2014-3524

Announced: August  21, 2014

Fixed in: LibreOffice 4.2.6-secfix/4.3.1

Description:

The vulnerability allows command injection when loading Calc spreadsheets under Windows. Specially crafted documents can be used for command-injection attacks. Other operating systems are not affected.

Windows users are recommended to upgrade their LibreOffice to 4.2.6-secfix or 4.3.1

Thanks to Rohan Durve and James Kettle of Context Information Security for discovering this flaw.

References:

    CVE-2014-3524