CVE-2018-16858 – LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution

https://notcve.org/view.php?id=CVE-2018-16858

It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location. Se ha observado que libreoffice en versiones anteriores a la 6.0.7 y 6.1.3 era vulnerable a ataques de salto de directorio que podrían ser usados para ejecutar macros arbitrarios incluidos en un documento. Un atacante podría manipular un documento que, al ser abierto por LibreOffice, ejecute un método Python desde un script en cualquier ubicación arbitrara del sistema de archivos, especificada de forma relativa a la ubicación de instalación de LibreOffice. It was found that libreoffice was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. • https://www.exploit-db.com/exploits/46727 https://github.com/Henryisnotavailable/CVE-2018-16858-Python https://github.com/bantu2301/CVE-2018-16858 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00059.html http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec https://access.redhat.com/errata/RHSA-2019:2130 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858 https:& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-356: Product UI does not Warn User of Unsafe Actions •