#VU77534 External control of file name or path in LibreOffice - CVE-2023-1183

 

Published: June 20, 2023 / Updated: December 29, 2023


Vulnerability identifier: #VU77534
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-1183
CWE-ID: CWE-73
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: LibreOffice
Software vendor: LibreOffice

Description

The vulnerability allows a remote attacker to write files to an arbitrary location on the system.

The vulnerability exists due to improper input validation when processing files within hsqldb. A remote attacker can trick the victim into opening a specially crafted odb file that contains a "database/script" file with a SCRIPT command, and thereby write the contents of that file to an arbitrary location on the system.

Successful exploitation of the vulnerability can lead to full system compromise.
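For triage of received .odb files, the following check is an added example (not part of the original advisory or of LibreOffice): it opens the ODF ZIP package and reports any statement in "database/script" whose first keyword is SCRIPT. It assumes one statement per line in that entry; the function names, the size cap and the sample contents are constructed for illustration.

```python
import io
import re
import zipfile

SCRIPT_ENTRY = "database/script"   # entry name given in the advisory
MAX_BYTES = 8 * 1024 * 1024        # assumed cap so an oversized entry is not fully read
# A line whose first keyword is SCRIPT, in any letter case.
SCRIPT_STMT = re.compile(r"^\s*SCRIPT\b", re.IGNORECASE)

def find_script_commands(odb_bytes):
    """Return [(line_number, text)] for each SCRIPT statement in database/script.

    Returns [] when the input is not a ZIP or has no database/script entry.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(odb_bytes))
    except zipfile.BadZipFile:
        return []
    with zf:
        if SCRIPT_ENTRY not in zf.namelist():
            return []
        with zf.open(SCRIPT_ENTRY) as fh:
            text = fh.read(MAX_BYTES).decode("utf-8", errors="replace")
    return [(n, line.strip())
            for n, line in enumerate(text.splitlines(), 1)
            if SCRIPT_STMT.match(line)]

def build_sample(script_lines):
    """Build a constructed in-memory .odb-like ZIP (not a real database)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mimetype", "application/vnd.oasis.opendocument.base")
        zf.writestr(SCRIPT_ENTRY, "\n".join(script_lines) + "\n")
    return buf.getvalue()

# Constructed samples: ordinary statements versus a script carrying SCRIPT.
BENIGN = build_sample(["CREATE SCHEMA PUBLIC AUTHORIZATION DBA",
                       'CREATE USER SA PASSWORD ""',
                       "GRANT DBA TO SA"])
SUSPECT = build_sample(["CREATE SCHEMA PUBLIC AUTHORIZATION DBA",
                        "script 'PLACEHOLDER_PATH'"])

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        hits = find_script_commands(blob)
        print(name, "->", hits if hits else "no SCRIPT statement found")
```

A hit is a reason to quarantine the file for review rather than proof of malice, and an empty result does not replace installing the vendor update.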


Remediation

Install updates from the vendor's website.
