QwikSec

Security Database

CVE

CWE

Training

CVE-2018-16858

Published: Mar 25, 2019

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

7.8

HIGH

Description

It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.

Vendor	Product	Versions
[UNKNOWN]	libreoffice	affected `6.0.7` affected `6.1.3`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858

x_refsource_CONFIRM

http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html

x_refsource_MISC

http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

vendor-advisory

x_refsource_REDHAT

20190815 [SECURITY] [DSA 4501-1] libreoffice security update

mailing-list

x_refsource_BUGTRAQ

openSUSE-SU-2019:1929

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.