Description
It was found that LibreOffice documents executed macros unconditionally,
without user approval, when these documents were opened using LibreOffice.
An attacker could use this flaw to execute arbitrary code as the user
running LibreOffice by embedding malicious VBA scripts in the document as
macros. (CVE-2014-0247)
A flaw was found in the OLE (Object Linking and Embedding) generation in
LibreOffice. An attacker could use this flaw to embed malicious OLE code in
a LibreOffice document, allowing for arbitrary code execution.
(CVE-2014-3575)
A use-after-free flaw was found in the 'Remote Control' capabilities of the
LibreOffice Impress application. An attacker could use this flaw to
remotely execute code with the permissions of the user running LibreOffice
Impress. (CVE-2014-3693)