Description
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which, without a prompt, will execute scripts built into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.
A flaw was found in LibreOffice. Unchecked script execution in graphic on-click binding allows an attacker to create a document, which, without a prompt, will execute scripts built into LibreOffice when clicking a graphic. These scripts were previously deemed trusted but are now deemed untrusted.
Report
CVE-2024-3044 poses a Moderate severity risk due to its potential to enable unauthorized script execution within LibreOffice documents. While the vulnerability allows for the execution of untrusted scripts upon clicking graphics, it requires user interaction to initiate. Furthermore, the impact is constrained by the user's explicit macro execution permissions, determined at document load time. Although the flaw could lead to unintended script execution, its impact is mitigated by the necessity for user interaction and the reliance on explicit macro permissions.
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | libreoffice | Out of support scope | | |
Red Hat Enterprise Linux 7 | libreoffice | Out of support scope | | |
Red Hat Enterprise Linux 8 | libreoffice:flatpak/libreoffice | Will not fix | | |
Red Hat Enterprise Linux 9 | libreoffice:flatpak/libreoffice | Will not fix | | |
Red Hat Enterprise Linux 8 | libreoffice | Fixed | RHSA-2024:4242 | 02.07.2024 |
Red Hat Enterprise Linux 9 | libreoffice | Fixed | RHSA-2024:4755 | 23.07.2024 |
Additional information
Status:
EPSS
7.3 High
CVSS3