CVE-2019-9855 - OpenCVE

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Libreoffice	Libreoffice
Microsoft	Windows
Opensuse	Leap

Configuration 1 [-]

AND

OR	cpe:2.3:a:libreoffice:libreoffice::::::::
	cpe:2.3:a:libreoffice:libreoffice::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:opensuse:leap:15.0:::::::*
	cpe:2.3:o:opensuse:leap:15.1:::::::*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00055.html	Mailing List Third Party Advisory
https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9855/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Document Fdn.

Published: 2019-09-06T00:00:00

Updated: 2019-10-22T05:03:53

Reserved: 2019-03-17T00:00:00

Link: CVE-2019-9855

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-09-06T19:15:12.073

Modified: 2022-10-14T02:55:59.277

Link: CVE-2019-9855

JSON object: View

Redhat Information

No data.

CWE

CWE-417

{"containers": {"cna": {"affected": [{"product": "LibreOffice", "vendor": "Document Foundation", "versions": [{"lessThan": "6.2.7", "status": "affected", "version": "6.2", "versionType": "custom"}, {"lessThan": "6.3.1", "status": "affected", "version": "6.3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Thanks to alex (@insertscript) for reporting this issue"}], "datePublic": "2019-09-06T00:00:00", "descriptions": [{"lang": "en", "value": "LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1."}], "problemTypes": [{"descriptions": [{"description": "Windows 8.3 path equivalence handling flaw", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-22T05:03:53", "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn."}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9855/"}, {"name": "openSUSE-SU-2019:2183", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"name": "openSUSE-SU-2019:2361", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00055.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Windows 8.3 path equivalence handling flaw allows LibreLogo script execution", "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@documentfoundation.org", "DATE_PUBLIC": "2019-09-06T00:00:00.000Z", "ID": "CVE-2019-9855", "STATE": "PUBLIC", "TITLE": "Windows 8.3 path equivalence handling flaw allows LibreLogo script execution"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "LibreOffice", "version": {"version_data": [{"version_affected": "<", "version_name": "6.2", "version_value": "6.2.7"}, {"version_affected": "<", "version_name": "6.3", "version_value": "6.3.1"}]}}]}, "vendor_name": "Document Foundation"}]}}, "credit": [{"lang": "eng", "value": "Thanks to alex (@insertscript) for reporting this issue"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1."}]}, "generator": {"engine": "Vulnogram 0.0.7"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Windows 8.3 path equivalence handling flaw"}]}]}, "references": {"reference_data": [{"name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9855/", "refsource": "CONFIRM", "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9855/"}, {"name": "openSUSE-SU-2019:2183", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"name": "openSUSE-SU-2019:2361", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00055.html"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "assignerShortName": "Document Fdn.", "cveId": "CVE-2019-9855", "datePublished": "2019-09-06T00:00:00", "dateReserved": "2019-03-17T00:00:00", "dateUpdated": "2019-10-22T05:03:53", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C5282A5-6EF5-4458-A35E-F688C6751B37", "versionEndExcluding": "6.2.7", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F9A03CA-E4B2-4935-9E97-A5772DC4DE93", "versionEndExcluding": "6.3.1", "versionStartIncluding": "6.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1."}, {"lang": "es", "value": "LibreOffice es com\u00fanmente paquetizado con LibreLogo, un script de gr\u00e1ficos vectoriales turtle programable, que puede ejecutar comandos de python arbitrarios contenidos con el documento desde que es activado. LibreOffice tambi\u00e9n presenta una funcionalidad en la que los documentos pueden especificar que los scripts preinstalados pueden ser ejecutados en varios eventos de script de documentos, tales como mouse-over, etc. La protecci\u00f3n fue agregada para bloquear la llamada a LibreLogo desde los manejadores de eventos de script. Sin embargo, un fallo en el manejo de la equivalencia de ruta de Windows versi\u00f3n 8.3 dej\u00f3 a LibreOffice vulnerable bajo Windows que un documento podr\u00eda desencadenar la ejecuci\u00f3n de LibreLogo por medio del seud\u00f3nimo del nombre de archivo de Windows. Este problema afecta a: Document Foundation LibreOffice versiones 6.2 anteriores a 6.2.7; versiones 6.3 anteriores a 6.3.1."}], "id": "CVE-2019-9855", "lastModified": "2022-10-14T02:55:59.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-06T19:15:12.073", "references": [{"source": "security@documentfoundation.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"source": "security@documentfoundation.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00055.html"}, {"source": "security@documentfoundation.org", "tags": ["Vendor Advisory"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9855/"}], "sourceIdentifier": "security@documentfoundation.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-417"}], "source": "nvd@nist.gov", "type": "Primary"}]}