Описание
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | windows-only |
| devel | not-affected | windows-only |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | not-affected | windows-only |
| focal | not-affected | windows-only |
| groovy | ignored | end of life |
| hirsute | not-affected | windows-only |
| impish | not-affected | windows-only |
| jammy | not-affected | windows-only |
| precise/esm | DNE |
Показывать по
EPSS
9.3 Critical
CVSS2
8.8 High
CVSS3
Связанные уязвимости
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7 ...
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.
Уязвимость пакета офисных программ LibreOffice, связанная с ошибками в настройках безопасности, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
EPSS
9.3 Critical
CVSS2
8.8 High
CVSS3