Allele Security Alert
Directory traversal flaw in script execution
The Document Foundation
LibreOffice prior to 6.0.7 and 6.1.3
LibreOffice 6.0.7 and 6.1.3
Proof of concept
LibreOffice has a feature that lets a document specify pre-installed macros to be executed on various document events, such as mouse-over.
Prior to 6.0.7/6.1.3, LibreOffice was vulnerable to a directory traversal attack: a crafted document, once opened in LibreOffice, could execute a Python method from a script in an arbitrary file system location, specified relative to the LibreOffice install location, when such common document events occurred.
LibreOffice is typically bundled with Python, so an attacker has a set of known scripts at a known relative file system location to work with.
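A defender-side check for the flaw described above, as an added example that is not part of the original alert or of LibreOffice's code: it scans the XML members of an ODF package for `vnd.sun.star.script:` URIs (the scripting framework's URI scheme, which the alert does not name) whose script path contains a `..` segment. The sample package, script names and function names are constructed placeholders.

```python
import io
import re
import zipfile
from urllib.parse import unquote

# Scripting framework URIs have the shape
#   vnd.sun.star.script:<script path>$<function>?language=Python&location=share
SCRIPT_URI = re.compile(r'vnd\.sun\.star\.script:([^"\'<>\s]+)', re.IGNORECASE)

def traversal_script_uris(xml_text):
    """Return script URIs whose script path contains a '..' segment."""
    hits = []
    for match in SCRIPT_URI.finditer(xml_text):
        decoded = unquote(match.group(1))  # catches %2e%2e as well
        path = decoded.split("?", 1)[0].split("$", 1)[0]
        if ".." in re.split(r"[\\/]", path):
            hits.append(match.group(0))
    return hits

def scan_odf(data):
    """Scan every XML member of an ODF package (bytes): member -> URIs."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as package:
        for name in package.namelist():
            if name.endswith(".xml"):
                text = package.read(name).decode("utf-8", errors="replace")
                hits = traversal_script_uris(text)
                if hits:
                    findings[name] = hits
    return findings

def build_sample(script_uri):
    """Constructed test package: content.xml with one event listener."""
    content = ('<office:document-content><script:event-listener '
               'script:event-name="dom:mouseover" xlink:href="%s"/>'
               '</office:document-content>' % script_uri)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr("content.xml", content)
    return buf.getvalue()

# Constructed placeholder URIs; script and function names are hypothetical.
BENIGN = ("vnd.sun.star.script:Example.py$run"
          "?language=Python&amp;location=share")
SUSPECT = ("vnd.sun.star.script:../../placeholder/module.py$func"
           "?language=Python&amp;location=share")

if __name__ == "__main__":
    print(scan_odf(build_sample(SUSPECT)))
```

A hit is a triage signal for mail or upload filtering, not proof of compromise; upgrading to 6.0.7 or 6.1.3 remains the fix.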
CVE-2018-16858 | LibreOffice – Free Office Suite – Fun Project – Fantastic People
Libreoffice (CVE-2018-16858) – Remote Code Execution via Macro/Event execution
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: February 3, 2019