LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2018:0418 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:0517 | Third Party Advisory |
https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4-5&id=a916fc0c0e0e8b10cb4158fa0fa173fe205d434a | Patch Third Party Advisory |
https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure | Exploit Third Party Advisory |
https://usn.ubuntu.com/3579-1/ | Third Party Advisory |
https://www.debian.org/security/2018/dsa-4111 | Third Party Advisory |
https://www.exploit-db.com/exploits/44022/ | Exploit Third Party Advisory VDB Entry |
https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-02-09T06:00:00
Updated: 2018-03-17T09:57:01
Reserved: 2018-02-09T00:00:00
Link: CVE-2018-6871
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-02-09T06:29:00.303
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-6871
JSON object: View
Redhat Information
No data.
CWE