Allele Security Alert
Executable hyperlink targets executed unconditionally on activation
The Document Foundation
LibreOffice prior to 6.1.6 and 6.2.3
LibreOffice versions 6.1.6 and 6.2.3
Proof of concept
Before 6.1.6/6.2.3 under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally.
Zhongcheng Li (Pox Security Team)
CVE-2019-9847 | LibreOffice – Free Office Suite – Fun Project – Fantastic People
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: May 13, 2019