E18-0oaf1
CVSS:
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
False Positive:
f
Variants:
2
Year:
2018
Description
This strike exploits a file disclosure vulnerability in LibreOffice up to 6.0.1.
The vulnerability is due to unrestricted use of WEBSERVICE function in LibreOffice Calc files.
An attacker could obtain the content of any local file by enticing a user to open a maliciously crafted document.
Note: This strike is sending over the network a file which if run on a vulnerable target would dump contents of /etc/passwd file to a host 172.16.2.202 on port 8000!