CVE-2024-3044
Graphic on-click binding allows unchecked script execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.
La ejecución de script sin marcar en el enlace gráfico al hacer clic en las versiones afectadas de LibreOffice permite a un atacante crear un documento que, sin aviso, ejecutará script integradas en LibreOffice al hacer clic en un gráfico. Anteriormente, estos scripts se consideraban confiables, pero ahora se consideran no confiables.
A flaw was found in LibreOffice. Unchecked script execution in graphic on-click binding allows an attacker to create a document, which, without a prompt, will execute scripts built into LibreOffice when clicking a graphic. These scripts were previously deemed trusted but are now deemed untrusted.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-28 CVE Reserved
- 2024-05-14 CVE Published
- 2024-06-11 EPSS Updated
- 2024-11-12 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-94: Improper Control of Generation of Code ('Code Injection')
- CWE-356: Product UI does not Warn User of Unsafe Actions
CAPEC
- CAPEC-160: Exploit Script-Based APIs
References (5)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-3044 | 2024-07-23 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2280542 | 2024-07-23 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
The Document Foundation Search vendor "The Document Foundation" | LibreOffice Search vendor "The Document Foundation" for product "LibreOffice" | >= 7.6.0 < 7.6.7 Search vendor "The Document Foundation" for product "LibreOffice" and version " >= 7.6.0 < 7.6.7" | en |
Affected
| ||||||
The Document Foundation Search vendor "The Document Foundation" | LibreOffice Search vendor "The Document Foundation" for product "LibreOffice" | >= 24.2.0 < 24.2.3 Search vendor "The Document Foundation" for product "LibreOffice" and version " >= 24.2.0 < 24.2.3" | en |
Affected
|