Strike ID:
E19-3unu1
CVSS:
8.0 (AV:N/AC:L/Au:S/C:C/I:P/A:P)
False Positive:
t
Variants:
3
Year:
2018

Description

An OS command injection vulnerability exists in LibreOffice via path traversal in event listeners functionality. The vulnerability is due to missing string sanitization when parsing event listener script sources. By enticing an user to open a crafted fodt document, an attacker may achieve remote code execution on the target system.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}