Описание
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 1:6.0.7-0ubuntu0.18.04.2 |
| cosmic | not-affected | 1:6.1.4-0ubuntu0.18.10.1 |
| devel | not-affected | 1:6.1.4-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1:4.2.8-0ubuntu5.5]] |
| precise/esm | DNE | |
| trusty | released | 1:4.2.8-0ubuntu5.5 |
| trusty/esm | DNE | trusty was released [1:4.2.8-0ubuntu5.5] |
| upstream | released | 6.0.7/6.1.3 |
| xenial | released | 1:5.1.6~rc2-0ubuntu1~xenial6 |
Показывать по
7.5 High
CVSS2
7.8 High
CVSS3
Связанные уязвимости
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vuln ...
7.5 High
CVSS2
7.8 High
CVSS3