Arbitrary file disclosure in LibreOffice

Published: 2018-02-09 15:34:35
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-6871
CVE-2018-1055
CVSSv3 4.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CWE ID CWE-200
Exploitation vector Network
Public exploit Not available
Vulnerable software LibreOffice
Vulnerable software versions LibreOffice 5.4.4.2
LibreOffice 5.4.4.1
LibreOffice 5.4.3.2
Show more
Vendor URL LibreOffice

Security Advisory

1) Information disclosure

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists in LibreOffice Calc, which supports COM.MICROSOFT.WEBSERVICE function to obtain data by URL. The application allows WEBSERVICE to take a local file URL (e.g file://) which can be used to inject local files into the spreadsheet without warning the user. Subsequent formulas can operate on that inserted data and construct a remote URL. A remote attacker can create a specially crafted document, trick the victim into opening it and use  WEBSERVICE functionality to send arbitrary local files to the attacker's controlled server.

Remediation

Update to version 5.4.5.1 or 6.0.1.1.

External links

https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/

Back to List