CVE-2005-4636

Description

OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings.

Affected products

• openoffice / openoffice1.0.1 – 1.0.1
• openoffice / openoffice1.0.2 – 1.0.2
• openoffice / openoffice1.1.0 – 1.1.0
• openoffice / openoffice1.1.1 – 1.1.1
• openoffice / openoffice1.1.2 – 1.1.2
• openoffice / openoffice1.1.3 – 1.1.3
• openoffice / openoffice1.1.4 – 1.1.4
• openoffice / openoffice1.1.5 – 1.1.5
• openoffice / openoffice2.0 – 2.0

References

• MISChttp://qa.openoffice.org/issues/show_bug.cgi?id=53491
• MISChttp://securitytracker.com/id?1015419
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:033