Kaspersky Lab, KLA20006
Oct 11, 2022 - 12:00 a.m.

KLA20006 RCE vulnerability in LibreOffice

2022-10-11 00:00:00
Kaspersky Lab
threats.kaspersky.com
Tags: libreoffice, rce vulnerability, arbitrary code execution, security bypass, cve-2022-3140, update, malicious users, vulnerability, version 7.3.6, version 7.4.1

CVSS3: 6.3 Medium

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Score: 7.7 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 56.2%)

A remote code execution vulnerability was found in LibreOffice. Malicious users can exploit this vulnerability to execute arbitrary code.

Original advisories

Macro URL arbitrary script execution

Related products

LibreOffice

CVE list

CVE-2022-3140 high

Solution

Update to the latest version

Download LibreOffice

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to an abuser executing any code or commands on the vulnerable machine or process.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • LibreOffice earlier than 7.3.6
  • LibreOffice 7.4.x earlier than 7.4.1
