Allele Security Alert
ASA-2019-00040
Identifier(s)
ASA-2019-00040, CVE-2018-16858
Title
Directory traversal flaw in script execution
Vendor(s)
The Document Foundation
Product(s)
LibreOffice
Affected version(s)
LibreOffice prior to 6.0.7 and 6.1.3
Fixed version(s)
LibreOffice 6.0.7 and 6.1.3
Proof of concept
Yes
Description
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various document events such as mouse-over, etc.
Prior to 6.0.7/6.1.3 LibreOffice was vulnerable to a directory traversal attack where it was possible to craft a document which when opened by LibreOffice would, when such common document events occur, execute a python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.
Typically LibreOffice is bundled with python, so an attacker has a set of known scripts at a known relative file system location to work with.
Technical details
Unknown
Credits
Alex Inführ
Reference(s)
CVE-2018-16858 | LibreOffice – Free Office Suite – Fun Project – Fantastic People
https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/
Libreoffice (CVE-2018-16858) – Remote Code Execution via Macro/Event execution
https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html
CVE-2018-16858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16858
CVE-2018-16858
https://nvd.nist.gov/vuln/detail/CVE-2018-16858
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: February 3, 2019