CVE-2018-16858

Published: Mar 25, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.

Affected (2)

Products: Libreoffice: Libreoffice

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Libreoffice Libreoffice	Before 6.0.7
Libreoffice Libreoffice	From 6.1.0 to 6.1.3

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Product UI does not Warn User of Unsafe Actions

The product's user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for attackers to trick users into inflicting damage to their system.

References (16)

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00059.html

Source: secalert@redhat.com

http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html

Source: secalert@redhat.com

ExploitThird Party AdvisoryVDB Entry

http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2130

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://seclists.org/bugtraq/2019/Aug/28

Source: secalert@redhat.com

https://www.exploit-db.com/exploits/46727/

Source: secalert@redhat.com

ExploitThird Party AdvisoryVDB Entry

https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/

Source: secalert@redhat.com

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00059.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2130

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://seclists.org/bugtraq/2019/Aug/28

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/46727/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.