libreoffice: Arbitrary python functions in arbitrary modules on the filesystem can be executed without warning - CVE-2018-16858Deprecated |
ID: oval:org.secpod.oval:def:50618 | Date: (C)2019-02-07 (M)2023-12-20 |
Class: VULNERABILITY | Family: unix |
It was found that libreoffice was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.
Platform: |
Red Hat Enterprise Linux 7 |
CentOS 7 |