CVE-2023-47804: 
Homebrew vulnerability analysis and mitigation

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments through various URI Schemes. These links can be activated by clicks or automatic document events. The vulnerability (CVE-2023-47804) was discovered in Apache OpenOffice versions through 4.1.14, where approval for certain links is not requested, potentially leading to arbitrary script execution. This is identified as a corner case of CVE-2022-47502 (OpenOffice Advisory, OSS Security).

The vulnerability is classified with a CVSS 3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. It is associated with CWE-88 (Improper Neutralization of Argument Delimiters in a Command) and CWE-20 (Improper Input Validation). The issue specifically relates to the handling of URI Schemes that are defined for calling internal macros with arbitrary arguments (NVD).

When exploited, this vulnerability could result in arbitrary script execution on the target system. The severity is rated as moderate, with the potential for high impacts on confidentiality, integrity, and availability of the affected system (OpenOffice Advisory).

The vulnerability has been fixed in Apache OpenOffice 4.1.15. Users are advised to upgrade to this version to receive the latest maintenance and cumulative security fixes. The update can be obtained through the official Apache OpenOffice download page (OpenOffice Advisory).