CVE-2018-16858
Description
LibreOffice versions before 6.0.7 and 6.1.3 were found to be vulnerable to a directory traversal attack that could be used to execute arbitrary macros bundled with a document. An attacker could craft a document which, when opened by LibreOffice, would execute a Python method from a script in an arbitrary file system location, specified relative to the LibreOffice install location.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
92.385
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| LibreOffice (x64) 6.0.6.2 is affected by CVE-2018-16858, CVE-2018-18688 | Windows |
| LibreOffice 6.0.6.2 is affected by CVE-2018-16858, CVE-2018-18688 | Windows |
| LibreOffice For Mac 6.0.6.2 is affected by CVE-2018-16858 | Mac |
| LibreOffice For Mac 6.1.2.1 is affected by CVE-2018-16858 | Mac |
| Libreoffice 4.2.8-0ubuntu5.1 for Ubuntu 14.04 LTS (x64) libreoffice_4.2.8-0ubuntu5.5_amd64.deb | Linux |
| Libreoffice 4.2.8-0ubuntu5.1 for Ubuntu 14.04 LTS libreoffice_4.2.8-0ubuntu5.5_i386.deb | Linux |
| Libreoffice 5.1.6 rc2-0ubuntu1 xenial2 for Ubuntu 16.04 LTS (x64) libreoffice_5.1.6~rc2-0ubuntu1~xenial6_amd64.deb | Linux |
| Libreoffice 5.1.6 rc2-0ubuntu1 xenial2 for Ubuntu 16.04 LTS libreoffice_5.1.6~rc2-0ubuntu1~xenial6_i386.deb | Linux |
| Office productivity suite (USN-3883-1) libreoffice_4.2.8-0ubuntu5.5_i386.deb | Linux |
| Office productivity suite (USN-3883-1) libreoffice_4.2.8-0ubuntu5.5_amd64.deb | Linux |
| Office productivity suite (USN-3883-1) libreoffice_5.1.6~rc2-0ubuntu1~xenial6_i386.deb | Linux |
| Office productivity suite (USN-3883-1) libreoffice_5.1.6~rc2-0ubuntu1~xenial6_amd64.deb | Linux |
| libreoffice security update (DSA-4381-1) libreoffice_5.2.7-1+deb9u5_i386.deb | Linux |
| libreoffice security update (DSA-4381-1) libreoffice_5.2.7-1+deb9u5_amd64.deb | Linux |
| libreoffice security update (DSA-4501-1) libreoffice_6.1.5-3+deb10u3_amd64.deb | Linux |
| (RHSA-2019:2130) Low: security and bug fix update libreoffice-debuginfo-5.3.6.1-21.el7.x86_64.rpm | Linux |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-334075 | LibreOffice (x64) (7.5.8) |
| PATCH-334074 | LibreOffice (7.5.8) |
| PATCH-611894 | LibreOffice for Mac (Apple Silicon) (25.8.1) |