Описание
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.
This issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.
A flaw was found in LibreOffice. In the affected versions of LibreOffice, a link in a browser using that scheme could be constructed with an embedded inner URL that, when passed to LibreOffice, could call internal macros with arbitrary arguments.
Отчет
This vulnerability is rated as an important severity due to the potential for an attacker to exploit the 'vnd.libreoffice.command' URI scheme to execute arbitrary internal macros with crafted arguments and could lead to unauthorized code execution and impact system integrity and confidentiality
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libreoffice | Will not fix | ||
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | libreoffice | Fixed | RHSA-2025:3390 | 31.03.2025 |
| Red Hat Enterprise Linux 8 | libreoffice | Fixed | RHSA-2025:2868 | 17.03.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | libreoffice | Fixed | RHSA-2025:3265 | 26.03.2025 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | libreoffice | Fixed | RHSA-2025:3267 | 26.03.2025 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | libreoffice | Fixed | RHSA-2025:3267 | 26.03.2025 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | libreoffice | Fixed | RHSA-2025:3267 | 26.03.2025 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | libreoffice | Fixed | RHSA-2025:3269 | 26.03.2025 |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | libreoffice | Fixed | RHSA-2025:3269 | 26.03.2025 |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | libreoffice | Fixed | RHSA-2025:3269 | 26.03.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.6 High
CVSS3
Связанные уязвимости
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments. This issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments. This issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.
LibreOffice supports Office URI Schemes to enable browser integration ...
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments. This issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.
EPSS
7.6 High
CVSS3