Systems Affected
LibreOffice versions below 6.2.6
Threat Level
High
Overview
An attacker could craft a malicious document that silently executes arbitrary Python commands (CVE-2019-9851, CVE-2019-9850, CVE-2019-9852).
Description
✦ CVE-2019-9850: Discovered by Alex Infuhr, this vulnerability is caused by insufficient URL validation, which allows attackers to bypass the protection added to patch CVE-2019-9848 and again trigger calls to LibreLogo from script event handlers.
✦ CVE-2019-9851: Discovered by Gabriel Masei, this flaw resides in a separate feature where documents can specify pre-installed scripts, just like LibreLogo, which can be executed on various global script events such as document-open.
✦ CVE-2019-9852: Discovered by Nils Emmerich of ERNW Research GmbH, a URL encoding attack could allow attackers to bypass the patch for a directory traversal attack.
By using the above vulnerabilities, an attacker could send a crafted document to users and then silently execute malicious commands on the system.
Impact
✦ Execute arbitrary code
✦ Data modifications
Solution/Workarounds
✦ Apply the latest LibreOffice patch (6.2.6/6.3.0)
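To check hosts against the fixed release named above, the following added example (not part of the original advisory) classifies collected version strings. The sample inventory is constructed, and the `soffice --version` style and Debian-style package strings are assumptions about how versions were gathered; distribution packages reporting an older upstream version may carry backported fixes, so they are flagged for a vendor-advisory check.

```python
import re

# First fixed release named in the advisory ("versions below 6.2.6" are affected).
FIXED = (6, 2, 6)

# Upstream version, optionally preceded by a Debian-style epoch ("1:")
# and followed by a distribution revision ("-0distro1").
_VERSION_RE = re.compile(r"(?:(\d+):)?(\d+(?:\.\d+){1,3})(-[0-9A-Za-z.+~]+)?")


def parse_version(text):
    """Return ((major, minor, micro), is_distro_package), or None if no version is found."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    parts = tuple(int(p) for p in match.group(2).split("."))
    parts = (parts + (0, 0))[:3]  # pad "6.3" to (6, 3, 0); drop the build number
    return parts, bool(match.group(1) or match.group(3))


def classify(text):
    """Classify one version string against the fixed release."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    version, is_distro = parsed
    if version >= FIXED:
        return "patched"
    # A distro package may have the fixes backported to an older upstream version.
    return "check-vendor-advisory" if is_distro else "vulnerable"


def audit(inventory):
    """Map each host name to the classification of its reported version string."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (host names, build ids and package revision are made up).
SAMPLE = {
    "ws-01": "LibreOffice 6.2.5.2 0123abcd",
    "ws-02": "LibreOffice 6.2.6.2 0123abcd",
    "ws-03": "LibreOffice 6.3.0.4 0123abcd",
    "ws-04": "1:6.0.7-0distro1",
    "ws-05": "not installed",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```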
References
✦ https://thehackernews.com/2019/08/libreoffice-patch-update.html
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.