PT-2021-2696 · Document Foundation+2 · Libreoffice+2

Lukas Euler

Published

2021-03-30

Updated

2021-07-05

CVE-2021-25631

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions LibreOffice versions prior to 7.1.2 LibreOffice versions prior to 7.0.5

Description The issue is related to errors in security settings, allowing a remote attacker to impact the confidentiality, integrity, and availability of protected information. This can be achieved by manipulating a link to circumvent the denylist, resulting in ShellExecute attempting to launch an executable type.

Recommendations For versions prior to 7.1.2, update to version 7.1.2 or later. For versions prior to 7.0.5, update to version 7.0.5 or later.

Exploit

Fix

Incomplete List of Disallowed Inputs

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-184CWE-254

Related Identifiers

ALT-PU-2021-1573

ALT-PU-2021-1598

ALT-PU-2021-1843

ALT-PU-2021-2151

BDU:2021-02227

CVE-2021-25631

Affected Products

Alt Linux

Astra Linux

Libreoffice

PT-2021-2696 · Document Foundation+2 · Libreoffice+2

CVE-2021-25631

Weakness Enumeration

Related Identifiers

Affected Products

References · 5