[Forgot Password]
Login  Register Subscribe

25354

 
 

132805

 
 

139352

 
 

909

 
 

113074

 
 

156

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2019-9854Date: (C)2019-09-09   (M)2020-01-25


LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.8CVSS Score : 6.8
Exploit Score: 1.8Exploit Score: 8.6
Impact Score: 5.9Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
https://seclists.org/bugtraq/2019/Sep/17
DSA-4519
FEDORA-2019-9627e1402e
MISC
USN-4138-1
https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html
https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9854/
openSUSE-SU-2019:2183
openSUSE-SU-2019:2361

CPE    5
cpe:/o:redhat:enterprise_linux:7.0
cpe:/o:debian:debian_linux:8.0
cpe:/a:libreoffice:libreoffice
cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
...
CWE    1
CWE-284
OVAL    6
oval:org.secpod.oval:def:58886
oval:org.secpod.oval:def:58788
oval:org.secpod.oval:def:705185
oval:org.secpod.oval:def:58418
...

© SecPod Technologies