E19-3unu1
CVSS:
7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
False Positive:
f
Variants:
1
Year:
2018
Description
An OS command injection vulnerability exists in LibreOffice via path traversal in event listeners functionality.
The vulnerability is due to missing string sanitization when parsing event listener script sources.
By enticing a user to open a crafted "fodt" document, an attacker may achieve remote code execution on the target system.