// For flags

CVE-2018-16858

LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.

Se ha observado que libreoffice en versiones anteriores a la 6.0.7 y 6.1.3 era vulnerable a ataques de salto de directorio que podrían ser usados para ejecutar macros arbitrarios incluidos en un documento. Un atacante podría manipular un documento que, al ser abierto por LibreOffice, ejecute un método Python desde un script en cualquier ubicación arbitrara del sistema de archivos, especificada de forma relativa a la ubicación de instalación de LibreOffice.

It was found that libreoffice was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-09-11 CVE Reserved
  • 2019-02-04 CVE Published
  • 2022-11-24 First Exploit
  • 2024-08-05 CVE Updated
  • 2024-09-05 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-356: Product UI does not Warn User of Unsafe Actions
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Libreoffice
Search vendor "Libreoffice"
Libreoffice
Search vendor "Libreoffice" for product "Libreoffice"
< 6.0.7
Search vendor "Libreoffice" for product "Libreoffice" and version " < 6.0.7"
-
Affected
Libreoffice
Search vendor "Libreoffice"
Libreoffice
Search vendor "Libreoffice" for product "Libreoffice"
>= 6.1.0 < 6.1.3
Search vendor "Libreoffice" for product "Libreoffice" and version " >= 6.1.0 < 6.1.3"
-
Affected