CVE-2018-16858
LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.
Se ha observado que libreoffice en versiones anteriores a la 6.0.7 y 6.1.3 era vulnerable a ataques de salto de directorio que podrían ser usados para ejecutar macros arbitrarios incluidos en un documento. Un atacante podría manipular un documento que, al ser abierto por LibreOffice, ejecute un método Python desde un script en cualquier ubicación arbitrara del sistema de archivos, especificada de forma relativa a la ubicación de instalación de LibreOffice.
It was found that libreoffice was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-09-11 CVE Reserved
- 2019-02-04 CVE Published
- 2022-11-24 First Exploit
- 2024-08-05 CVE Updated
- 2024-09-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-356: Product UI does not Warn User of Unsafe Actions
CAPEC
References (12)
URL | Tag | Source |
---|---|---|
http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec | Third Party Advisory | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858 | Issue Tracking | |
https://seclists.org/bugtraq/2019/Aug/28 | Mailing List |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/46727 | 2024-08-05 | |
https://github.com/Henryisnotavailable/CVE-2018-16858-Python | 2023-08-27 | |
https://github.com/bantu2301/CVE-2018-16858 | 2022-11-24 | |
http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html | 2024-08-05 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Libreoffice Search vendor "Libreoffice" | Libreoffice Search vendor "Libreoffice" for product "Libreoffice" | < 6.0.7 Search vendor "Libreoffice" for product "Libreoffice" and version " < 6.0.7" | - |
Affected
| ||||||
Libreoffice Search vendor "Libreoffice" | Libreoffice Search vendor "Libreoffice" for product "Libreoffice" | >= 6.1.0 < 6.1.3 Search vendor "Libreoffice" for product "Libreoffice" and version " >= 6.1.0 < 6.1.3" | - |
Affected
|