CVE-2019-9850 – Insufficient url validation allowing LibreLogo script execution
https://notcve.org/view.php?id=CVE-2019-9850
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handers. However an insufficient url validation vulnerability in LibreOffice allowed malicious to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVSDPZJG3UA43X3JXRHJAWXLDZEW77LM https://seclists.org/bugtraq/2019/Aug/28 https://usn.ubun • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2019-9849 – libreoffice: Remote resources protection module not applied to bullet graphics
https://notcve.org/view.php?id=CVE-2019-9849
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. LibreOffice presenta un "stealth mode" en el que solo los documentos desde ubicaciones consideradas "trusted" pueden recuperar recursos remotos. • https://github.com/mbadanoiu/CVE-2019-9849 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html http://www.securityfocus.com/bid/109374 https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-9848 – libreoffice: LibreLogo script can be manipulated into executing arbitrary python commands
https://notcve.org/view.php?id=CVE-2019-9848
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html http://www.securityfocus.com/bid/109374 https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPTZJCNN52VNGSVC5DFKVW3EDMRDWKMP https://seclists.org • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2019-9847 – Executable hyperlink targets executed unconditionally on activation
https://notcve.org/view.php?id=CVE-2019-9847
A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. This issue affects: All LibreOffice Windows and macOS versions prior to 6.1.6; LibreOffice Windows and macOS versions in the 6.2 series prior to 6.2.3. Una vulnerabilidad en el procesamiento de hipervínculos de LibreOffice permite a un atacante construir documentos que contengan hipervínculos que apunten a la ubicación de un ejecutable en el sistema de archivos de los usuarios victimas. • https://www.libreoffice.org/about-us/security/advisories/cve-2019-9847 • CWE-20: Improper Input Validation •
CVE-2018-16858 – LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution
https://notcve.org/view.php?id=CVE-2018-16858
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location. Se ha observado que libreoffice en versiones anteriores a la 6.0.7 y 6.1.3 era vulnerable a ataques de salto de directorio que podrían ser usados para ejecutar macros arbitrarios incluidos en un documento. Un atacante podría manipular un documento que, al ser abierto por LibreOffice, ejecute un método Python desde un script en cualquier ubicación arbitrara del sistema de archivos, especificada de forma relativa a la ubicación de instalación de LibreOffice. It was found that libreoffice was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. • https://www.exploit-db.com/exploits/46727 https://github.com/Henryisnotavailable/CVE-2018-16858-Python https://github.com/bantu2301/CVE-2018-16858 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00059.html http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec https://access.redhat.com/errata/RHSA-2019:2130 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858 https:& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-356: Product UI does not Warn User of Unsafe Actions •