PT-2016-2305 · Document Foundation+3 · Libreoffice+3

Aleksandar Nikolic

Publicado

2016-06-29

Atualizado

2024-06-15

CVE-2016-4324

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions LibreOffice versions prior to 5.1.4

Description The issue is related to a use-after-free condition in LibreOffice, allowing remote attackers to execute arbitrary code through a manipulated RTF file. This is connected to the stylesheet and superscript tokens. The vulnerability can be exploited by an attacker using a specially crafted RTF file, potentially leading to the execution of arbitrary code.

Recommendations For versions prior to 5.1.4, update to version 5.1.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of RTF files from untrusted sources until the update is applied. Restrict access to the stylesheet and superscript tokens in RTF files to minimize the risk of exploitation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2016-1754

BDU:2016-01694

CVE-2016-4324

DLA-581-1

DSA-3608-1

MGASA-2016-0246

OPENSUSE-SU-2024:10006-1

SUSE-SU-2016:2472-1

SUSE-SU-2016_2472-1

USN-3022-1

Produtos afetados

Alt Linux

Libreoffice

Suse

Ubuntu

PT-2016-2305 · Document Foundation+3 · Libreoffice+3

CVE-2016-4324

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 55