CVE-2023-47804

8.8 HIGH

📋 TL;DR

Apache OpenOffice documents can contain malicious links that execute internal macros with arbitrary arguments without user approval. This allows arbitrary script execution when activated by clicks or automatic document events. All users running affected OpenOffice versions are vulnerable.

💻 Affected Systems

Products:
  • Apache OpenOffice
Versions: prior to 4.1.15
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable; exploitation requires user to open a malicious document.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to full system compromise, data theft, or ransomware deployment when a user opens a malicious document.

🟠 Likely Case

Malicious document execution leading to malware installation, credential theft, or lateral movement within the network.

🟢 If Mitigated

No impact if proper patching and security controls prevent malicious document execution.

🌐 Internet-Facing: MEDIUM - Requires user interaction with malicious document, but documents can be distributed via email or web.
🏢 Internal Only: HIGH - Internal document sharing increases exposure; malicious insider or compromised account could exploit.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction but is technically simple; weaponization likely due to document-based attack vector.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apache OpenOffice 4.1.15

Vendor Advisory: https://www.openoffice.org/security/cves/CVE-2023-47804.html

Restart Required: Yes

Instructions:

1. Download OpenOffice 4.1.15 or later from official Apache site.
2. Uninstall previous version.
3. Install new version.
4. Restart system.

🔧 Temporary Workarounds

Disable macro execution

all

Configure OpenOffice to disable macro execution entirely.

Not applicable - configure via Tools > Options > Security > Macro Security > Set to 'Very High'

Use LibreOffice instead

all

Switch to LibreOffice which is not affected and actively maintained.

sudo apt install libreoffice (Linux)
Download from https://www.libreoffice.org/ (Windows/macOS)

🧯 If You Can't Patch

  • Block OpenOffice documents at email/web gateways; implement application allowlisting to prevent OpenOffice execution.
  • Educate users to never open documents from untrusted sources; implement least privilege to limit damage.

🔍 How to Verify

Check if Vulnerable:

Check OpenOffice version via Help > About OpenOffice; if version is below 4.1.15, system is vulnerable.

Check Version:

OpenOffice --version (Linux/macOS) or check via GUI on Windows

Verify Fix Applied:

Confirm version is 4.1.15 or higher in Help > About OpenOffice; test with safe document containing macros.

📡 Detection & Monitoring

Log Indicators:

  • OpenOffice process spawning unexpected child processes
  • Macro execution logs in OpenOffice

Network Indicators:

  • Outbound connections from OpenOffice to unexpected destinations

SIEM Query:

process_name:"soffice.bin" AND child_process:*
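
The same parent/child check applied offline to exported process-creation events, as an added example that is not part of the original page. The JSON field names (`host`, `parent_image`, `image`, `command_line`), the parent image names and the list of expected children are assumptions; map them to your own telemetry schema.

```python
import json

# Assumed image names for the OpenOffice process; adjust to your install.
OFFICE_PARENTS = {"soffice.bin", "soffice.exe", "soffice"}
# Assumed children the suite launches itself; anything else is reported.
EXPECTED_CHILDREN = {"soffice.bin", "soffice.exe"}

def basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return str(path or "").replace("\\", "/").rsplit("/", 1)[-1].lower()

def unexpected_children(lines):
    """Return process-creation events where OpenOffice is the parent and the
    child is not on the expected list. Malformed lines are skipped."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(ev, dict):
            continue
        parent = basename(ev.get("parent_image"))
        child = basename(ev.get("image"))
        if parent in OFFICE_PARENTS and child and child not in EXPECTED_CHILDREN:
            hits.append({"host": ev.get("host"), "child": child,
                         "cmdline": ev.get("command_line", "")})
    return hits

# Constructed sample events (JSON lines), not real telemetry.
SAMPLE_EVENTS = [
    r'{"host":"ws01","parent_image":"C:\\Program Files (x86)\\OpenOffice 4\\program\\soffice.bin","image":"C:\\Windows\\System32\\cmd.exe","command_line":"cmd.exe /c echo constructed"}',
    r'{"host":"ws02","parent_image":"C:\\Windows\\explorer.exe","image":"C:\\Program Files (x86)\\OpenOffice 4\\program\\soffice.exe","command_line":"soffice.exe report.odt"}',
    r'{"host":"ws03","parent_image":"C:\\Program Files (x86)\\OpenOffice 4\\program\\soffice.exe","image":"C:\\Program Files (x86)\\OpenOffice 4\\program\\soffice.bin","command_line":"soffice.bin"}',
    r'{"host":"lx01","parent_image":"/opt/openoffice4/program/soffice.bin","image":"/bin/sh","command_line":"sh -c true"}',
    'truncated line that is not JSON',
]

if __name__ == "__main__":
    for hit in unexpected_children(SAMPLE_EVENTS):
        print(hit)
```

Legitimate helpers (printing, a Java runtime, an external mail client) will also appear as children, so extend the expected list from a baseline of your own hosts before alerting on the output.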
