Vuln: LibreOffice Remote Code Execution and Unauthorized Access Vulnerabilities
LibreOffice is prone to a remote code-execution vulnerability and unauthorized-access vulnerability.
Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application and gain unauthorized access and perform malicious actions. Failed exploit attempts may result in a denial-of-service condition.
LibreOffice versions prior to 6.2.5 are vulnerable.
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Bugtraq ID: | 109374 |
Class: | Unknown |
CVE: | CVE-2019-9848 CVE-2019-9849 |
Remote: | Yes |
Local: | No |
Published: | Jul 26 2019 12:00AM |
Updated: | Jul 26 2019 12:00AM |
Credit: | Nils Emmerich of ERNW Research GmbH and Matei "Mal" Badanoiu |
Vulnerable: | Ubuntu Ubuntu Linux 19.04 Ubuntu Ubuntu Linux 18.04 LTS Ubuntu Ubuntu Linux 16.04 LTS LibreOffice LibreOffice 6.2.1 LibreOffice LibreOffice 6.2 LibreOffice LibreOffice 6.1.6 LibreOffice LibreOffice 6.1.5 LibreOffice LibreOffice 6.1.4 LibreOffice LibreOffice 6.1.3 LibreOffice LibreOffice 6.1.2 LibreOffice LibreOffice 6.1 LibreOffice LibreOffice 6.0.7 LibreOffice LibreOffice 6.0.6 LibreOffice LibreOffice 6.0.5 LibreOffice LibreOffice 6.0.4 LibreOffice LibreOffice 6.0.3 LibreOffice LibreOffice 6.0.2 LibreOffice LibreOffice 6.0.1 LibreOffice LibreOffice 5.2 LibreOffice LibreOffice 5.1.4 LibreOffice LibreOffice 5.1.3 LibreOffice LibreOffice 5.1.2 LibreOffice LibreOffice 5.1.1 LibreOffice LibreOffice 5.1 LibreOffice LibreOffice 5.0.4 LibreOffice LibreOffice 5.0 LibreOffice LibreOffice 4.4.6 LibreOffice LibreOffice 4.4.5 LibreOffice LibreOffice 4.4.4 LibreOffice LibreOffice 4.4 LibreOffice LibreOffice 4.2.3 LibreOffice LibreOffice 6.1 LibreOffice LibreOffice 4.4.0-beta2 LibreOffice LibreOffice 4.3.5 LibreOffice LibreOffice 4.3.4 LibreOffice LibreOffice 4.3.3.2 LibreOffice LibreOffice 4.3.3 LibreOffice LibreOffice 4.3.2 LibreOffice LibreOffice 4.3.0 LibreOffice LibreOffice 4.2.7 LibreOffice LibreOffice 4.2.6 LibreOffice LibreOffice 4.2.4 LibreOffice LibreOffice 4.2.0 LibreOffice LibreOffice 4.1.5 LibreOffice LibreOffice 4.0.1.2 LibreOffice LibreOffice 4.0.0.3 LibreOffice LibreOffice 4.0.0 LibreOffice LibreOffice 3.6.5.2 LibreOffice LibreOffice 3.6.1 LibreOffice LibreOffice 3.6.0 LibreOffice LibreOffice 3.5.7.2 LibreOffice LibreOffice 3.5.7 LibreOffice LibreOffice 3.5.5.3 LibreOffice LibreOffice 3.5.5 |
Not Vulnerable: | LibreOffice LibreOffice 6.2.5 |
References:
- LibreOffice - LibreLogo arbitrary script execution (CVE-2019-9848) #12103 (rapid7)
- LibreOffice Homepage (LibreOffice)
- CVE-2019-9848 LibreLogo arbitrary script execution (LibreOffice)
- CVE-2019-9849 remote bullet graphics retrieved in 'stealth mode' (LibreOffice)
- USN-4063-1: LibreOffice vulnerabilities (Ubuntu)
from SecurityFocus Vulnerabilities https://ift.tt/2SG6x3I