CVE-2018-10583

Published: May 1, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.

Affected (10)

Products: Libreoffice: Libreoffice · Apache: Openoffice · Debian: Debian Linux · +2 more

Show all products

Libreoffice: Libreoffice · Apache: Openoffice · Debian: Debian Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation · Canonical: Ubuntu Linux

1 product

1 product

1 product

3 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libreoffice Libreoffice	Version 6.0.3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Apache Openoffice	Version 4.1.5

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Workstation	Version 7.0

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (18)

http://seclists.org/fulldisclosure/2020/Oct/26

Source: cve@mitre.org

http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/

Source: cve@mitre.org

ExploitMitigationThird Party Advisory

https://access.redhat.com/errata/RHSA-2018:3054

Source: cve@mitre.org

Third Party Advisory

https://lists.apache.org/thread.html/0598708912978b27121b2e380b44a225c706aca882cd1da6a955a0af%40%3Cdev.openoffice.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/6c65f22306c36c95e75f8d2b7f49cfcbeb0a4614245c20934612a39d%40%3Cdev.openoffice.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/c8fd59ac77b42aac90eb5c59b87f3ab59b5e0c3bfb4819aa649a2909%40%3Cdev.openoffice.apache.org%3E

Source: cve@mitre.org

https://security-tracker.debian.org/tracker/CVE-2018-10583

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://usn.ubuntu.com/3883-1/

Source: cve@mitre.org

Third Party Advisory

https://www.exploit-db.com/exploits/44564/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2020/Oct/26

Source: af854a3a-2127-422b-91ae-364da2661108

http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMitigationThird Party Advisory

https://access.redhat.com/errata/RHSA-2018:3054

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.apache.org/thread.html/0598708912978b27121b2e380b44a225c706aca882cd1da6a955a0af%40%3Cdev.openoffice.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/6c65f22306c36c95e75f8d2b7f49cfcbeb0a4614245c20934612a39d%40%3Cdev.openoffice.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/c8fd59ac77b42aac90eb5c59b87f3ab59b5e0c3bfb4819aa649a2909%40%3Cdev.openoffice.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://security-tracker.debian.org/tracker/CVE-2018-10583

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://usn.ubuntu.com/3883-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.exploit-db.com/exploits/44564/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.