Richard Davy

**Name of the Vulnerable Software and Affected Versions** LibreOffice versions prior to 6.0.3 Apache OpenOffice versions prior to 4.1.5 **Description** The issue is related to the automatic initiation of an SMB connection by LibreOffice and Apache OpenOffice. This can be exploited by a remote attacker using a specially crafted file, potentially allowing access to protected information. The vulnerability can be triggered by embedding an SMB connection in a malicious file, such as an `xlink:href` attribute within an `office:document-content` element in a `.odt` XML document, for example, `xlink:href=file://192.168.0.2/test.jpg`. **Recommendations** For LibreOffice version 6.0.3 and earlier, update to a version that contains a fix for this issue. For Apache OpenOffice version 4.1.5 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider disabling the automatic processing of SMB connections in LibreOffice and Apache OpenOffice until a patch is available.