#VU76613 Insufficient UI Warning of Dangerous Operations in LibreOffice


Published: 2023-05-29

Vulnerability identifier: #VU76613

Vulnerability risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2255

CWE-ID: CWE-357

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
LibreOffice
Client/Desktop applications / Office applications

Vendor: LibreOffice

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to the application allows usage of floating frames that can fetch content from external sources without prompting the user. A remote attacker can trick the victim to open a specially crafted file and perform spoofing attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

LibreOffice: 7.4.0.1 - 7.4.0.3


External links
http://www.libreoffice.org/about-us/security/advisories/CVE-2023-2255


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability