<html> <head> <base href="https://bugs.documentfoundation.org/"> </head> <body><table border="1" cellspacing="0" cellpadding="8"> <tr> <th>Bug ID</th> <td><a class="bz_bug_link bz_status_UNCONFIRMED " title="UNCONFIRMED - Modification of embedded objects possible on read-only documents" href="https://bugs.documentfoundation.org/show_bug.cgi?id=142696">142696</a> </td> </tr> <tr> <th>Summary</th> <td>Modification of embedded objects possible on read-only documents </td> </tr> <tr> <th>Product</th> <td>LibreOffice </td> </tr> <tr> <th>Version</th> <td>unspecified </td> </tr> <tr> <th>Hardware</th> <td>All </td> </tr> <tr> <th>OS</th> <td>All </td> </tr> <tr> <th>Status</th> <td>UNCONFIRMED </td> </tr> <tr> <th>Severity</th> <td>normal </td> </tr> <tr> <th>Priority</th> <td>medium </td> </tr> <tr> <th>Component</th> <td>LibreOffice </td> </tr> <tr> <th>Assignee</th> <td>libreoffice-bugs@lists.freedesktop.org </td> </tr> <tr> <th>Reporter</th> <td>heiko.tietze@documentfoundation.org </td> </tr> <tr> <th>CC</th> <td>caolanm@redhat.com, michael.meeks@collabora.com, xiscofauli@libreoffice.org </td> </tr></table> <p> <div> <pre>The <span class=""><a href="https://bugs.documentfoundation.org/attachment.cgi?id=172653" name="attach_172653" title="Example file">attachment 172653</a> <a href="https://bugs.documentfoundation.org/attachment.cgi?id=172653&action=edit" title="Example file">[details]</a></span> contains a chart (embedded OLE object) and despite the document is read-only it is possible to start the chart module per double-click and modify the object. I wonder if this is a security/safety risk.</pre> </div> </p> <hr> <span>You are receiving this mail because:</span> <ul> <li>You are the assignee for the bug.</li> </ul> </body> </html>