CVE-2018-16858 – LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution

https://notcve.org/view.php?id=CVE-2018-16858

04 Feb 2019 — It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location. Se ha observado que libreoffice en versiones anteriores a la 6.0.7 y 6.1.3 era vulnerable a ataques de salto de directori... • https://packetstorm.news/files/id/152560 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-356: Product UI does not Warn User of Unsafe Actions •