CVE-2018-16858

CVSS 7.8 HIGHEPSS 67.5%CWE-356

It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

[UNKNOWN] · libreoffice

public PoCs found — 7

githubgithub.com/4nimanegra/libreofficeExploit1★ 3 githubgithub.com/phongld97/detect-cve-2018-16858★ 1 githubgithub.com/bantu2301/CVE-2018-16858★ 1 githubgithub.com/Henryisnotavailable/CVE-2018-16858-Python★ 1 exploitdbwww.exploit-db.com/exploits/46727unverified cve_referencewww.exploit-db.com/exploits/46727/unverified cve_referencepacketstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.htmlunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00059.html http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html https://access.redhat.com/errata/RHSA-2019:2130 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858 https://seclists.org/bugtraq/2019/Aug/28 https://www.exploit-db.com/exploits/46727/https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec