Описание
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libreoffice | unfixed | package |
Примечания
http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/
This is the generic behaviour of accessing remote SMB shares and not limited to
Libreoffice. This can e.g. be addressed by rejecting outgoing SMB connections
from the local network
The following commit adds this class of access to the list of trusted locations:
https://cgit.freedesktop.org/libreoffice/core/commit/?id=0b7f4a4f57117fde33d0b1df96134aa6ccce023e
EPSS
Связанные уязвимости
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
Security update for LibreOffice and dependency libraries
EPSS