PT-2023-7595 · Document Foundation+10 · Libreoffice+10

Reginaldo Silva

·

Publicado

2023-12-11

·

Atualizado

2024-07-18

·

CVE-2023-6186

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions LibreOffice (affected versions not specified)
Description The issue is related to insufficient macro permission validation, allowing an attacker to execute built-in macros without warning. In affected versions, LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user. This could potentially enable a remote attacker to execute arbitrary code by embedding a malicious macro in a document.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Preservation of Permissions

Open Redirect

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-281CWE-601

Identificadores relacionados

ALSA-2024:1427
ALSA-2024:1514
ALSA-2024:3835
ALT-PU-2023-8037
ALT-PU-2023-8057
ALT-PU-2024-1030
ALT-PU-2024-1179
BDU:2023-08655
CESA-2024_1514
CVE-2023-6186
DLA-3703-1
DSA-5574-1
INFSA-2024_3835
MGASA-2024-0116
OPENSUSE-SU-2023_4932-1
RHSA-2024:1423
RHSA-2024:1425
RHSA-2024:1427
RHSA-2024:1473
RHSA-2024:1480
RHSA-2024:1512
RHSA-2024:1513
RHSA-2024:1514
RHSA-2024:3835
RHSA-2024_1427
RHSA-2024_1514
RHSA-2024_3835
RLSA-2024:1427
RLSA-2024:1514
RLSA-2024:3835
SUSE-SU-2023:4932-1
SUSE-SU-2023:4984-1
USN-6546-1
USN-6546-2

Produtos afetados

Alt Linux
Almalinux
Astra Linux
Centos
Libreoffice
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu