Уязвимость выполнения произвольного кода при обработке скриптов событий в LibreOffice
Описание
LibreOffice обычно поставляется с LibreLogo, программируемым скриптом для векторной графики "черепашкой", который может выполнять произвольные команды Python, содержащиеся в документе, из которого он был запущен. Для устранения уязвимости CVE-2019-9848 была добавлена защита, блокирующая вызовы LibreLogo из обработчиков событий скриптов документа, например, при наведении мыши. Однако в LibreOffice также есть отдельная функция, позволяющая документам указывать выполнение предустановленных скриптов при различных глобальных событиях скриптов, таких как открытие документа. В исправленных версиях обработчики глобальных событий скриптов проверяются аналогично обработчикам событий скриптов документа.
Затронутые версии ПО
- Document Foundation LibreOffice версии до 6.2.6
Тип уязвимости
Выполнение произвольного кода
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
LibreOffice is typically bundled with LibreLogo, a programmable turtle ...
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
Уязвимость программного модуля LibreLogo пакета офисных программ LibreOffice, позволяющая нарушителю выполнить произвольный код в целевой системе
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2