Lucene search

[email protected]CVE-2018-10583

HistoryMay 01, 2018 - 4:29 p.m.

CVE-2018-10583

2018-05-0116:29:00

CWE-200

[email protected]

web.nvd.nist.gov

135

cve-2018-10583

information disclosure

libreoffice

apache openoffice

vulnerability

smb connection

malicious file

xml document

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.171 Low

EPSS

Percentile

96.1%

JSON

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.

Affected configurations

NVD

Node

libreofficelibreofficeMatch6.0.3

Node

apacheopenofficeMatch4.1.5

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch7.0

Node

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

CPENameOperatorVersion
libreoffice:libreofficelibreofficeeq6.0.3

CPE	Name	Operator	Version
libreoffice:libreoffice	libreoffice	eq	6.0.3

References

seclists.org/fulldisclosure/2020/Oct/26

secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/

access.redhat.com/errata/RHSA-2018:3054

lists.apache.org/thread.html/0598708912978b27121b2e380b44a225c706aca882cd1da6a955a0af%40%3Cdev.openoffice.apache.org%3E

lists.apache.org/thread.html/6c65f22306c36c95e75f8d2b7f49cfcbeb0a4614245c20934612a39d%40%3Cdev.openoffice.apache.org%3E

lists.apache.org/thread.html/c8fd59ac77b42aac90eb5c59b87f3ab59b5e0c3bfb4819aa649a2909%40%3Cdev.openoffice.apache.org%3E

security-tracker.debian.org/tracker/CVE-2018-10583

usn.ubuntu.com/3883-1/

www.exploit-db.com/exploits/44564/

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.171 Low

EPSS

Percentile

96.1%

JSON

Related for CVE-2018-10583

osv1 openvas12 nessus18 zdt1 packetstorm2 redhatcve1 suse3 debiancve1 prion1 fedora3 kaspersky1 cvelist1 ubuntucve1 nvd1 exploitdb1 redhat1 mageia1 ubuntu1