CVE Identifier: CVE-2017-3157 Vulnerability Type: Arbitrary file disclosure in Calc and Writer Affected Versions: All Apache OpenOffice versions 4.1.3 and older; OpenOffice.org versions are also affected Vendor: The Apache Software Foundation Severity: Medium Description: An attacker can craft a document that allows reading from the user's filesytem. This is done by exploiting the way OpenOffice renders embedded objects. Mitigation: Install Apache OpenOffice 4.1.4 for the latest maintenance and cumulative security fixes. Additional Information: - Consult the Apache OpenOffice Community Forums or make requests to the users@openoffice.apache.org public mailing list. - Latest security bulletin information can be found at the Bulletin Archive page.