Document Foundation · LibreOffice · CVE-2019-9854
**Name of the Vulnerable Software and Affected Versions**
LibreOffice versions 6.2 prior to 6.2.7
LibreOffice versions 6.3 prior to 6.3.1
**Description**
The issue lies in how LibreOffice handles script events, such as mouse-over and document-open, on which pre-installed macros can be executed. A flaw in the path verification step allows an attacker to bypass the protection and execute scripts in arbitrary locations on the file system. The bypass works because LibreOffice assembles the final script URL location from components of the passed-in path, rather than solely from the sanitized output of the path verification step. The estimated number of potentially affected devices worldwide is not specified.
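
The verify-then-assemble mismatch described above, as an added Python example that is not LibreOffice's code: a verification step returns a sanitized path, the flawed resolver discards that output and builds the location from the raw input, and the hardened resolver uses only the verified output. `SCRIPT_ROOT`, the function names and the sample paths are assumptions constructed for illustration.

```python
import posixpath

# Hypothetical script root for this example (not a real LibreOffice path).
SCRIPT_ROOT = "/opt/office/share/Scripts/python"

# Constructed sample inputs.
BENIGN = "tools/Capitalise.py"
TRAVERSAL = "../../outside/constructed.py"


def verify_path(requested):
    """Path verification step: return a sanitized relative path.

    Empty, '.' and '..' segments are dropped, so the returned value
    cannot climb out of SCRIPT_ROOT.
    """
    parts = [p for p in requested.split("/") if p not in ("", ".", "..")]
    if not parts or not parts[-1].endswith(".py"):
        raise ValueError("not a script path: %r" % requested)
    return "/".join(parts)


def inside_root(location):
    """True if an absolute, normalized location lies under SCRIPT_ROOT."""
    return posixpath.commonpath([SCRIPT_ROOT, location]) == SCRIPT_ROOT


def locate_flawed(requested):
    """Flawed: verification runs, but the location is assembled from
    components of the raw input instead of the sanitized output."""
    verify_path(requested)  # sanitized result is thrown away
    directory, _, filename = requested.rpartition("/")
    return posixpath.normpath(posixpath.join(SCRIPT_ROOT, directory, filename))


def locate_hardened(requested):
    """Hardened: the location is built solely from verify_path() output,
    then containment is re-checked on the final value."""
    location = posixpath.join(SCRIPT_ROOT, verify_path(requested))
    if not inside_root(location):
        raise ValueError("location escapes script root")
    return location


if __name__ == "__main__":
    for sample in (BENIGN, TRAVERSAL):
        for resolver in (locate_flawed, locate_hardened):
            loc = resolver(sample)
            print(resolver.__name__, sample, "->", loc, inside_root(loc))
```

Both resolvers agree on the benign path; only the flawed one returns a location outside the script root for the second sample, even though verification passed.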
**Recommendations**
For LibreOffice versions 6.2 prior to 6.2.7, update to version 6.2.7 or later.
For LibreOffice versions 6.3 prior to 6.3.1, update to version 6.3.1 or later.
As a temporary workaround, consider restricting access to scripts under the share/Scripts/python and user/Scripts/python sub-directories of the LibreOffice install to minimize the risk of exploitation.