It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.

CPENameOperatorVersion
libreofficelt6.0.7
libreofficege6.1.0
libreofficelt6.1.3

Name	Operator	Version
libreoffice	lt	6.0.7
libreoffice	ge	6.1.0
libreoffice	lt	6.1.3

References

lists.opensuse.org/opensuse-security-announce/2019-08/msg00059.html

packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html

www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec

access.redhat.com/errata/RHSA-2019:2130

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858

seclists.org/bugtraq/2019/Aug/28

www.exploit-db.com/exploits/46727/

www.libreoffice.org/about-us/security/advisories/cve-2018-16858/

thn 2

malwarebytes 1

redhat 1

nessus 22

debiancve 2

metasploit 2

openvas 17

centos 1

osv 4

cve 2

suse 1

ubuntucve 2

zdt 2

debian 4

kaspersky 1

packetstorm 2

oraclelinux 1

attackerkb 1

checkpoint_advisories 1

mageia 2

veracode 1

redhatcve 2

nvd 2

cvelist 2

exploitdb 2

alpinelinux 1

fedora 1

prion 1

exploitpack 1

ubuntu 1

thn

Severe RCE Flaw Disclosed in Popular LibreOffice and OpenOffice Software

2019-02-05 11:11:00

Patches for 2 Severe LibreOffice Flaws Bypassed — Update to Patch Again

2019-08-16 09:19:00

malwarebytes

New critical vulnerability discovered in open-source office suites

2019-02-06 17:16:50

redhat

(RHSA-2019:2130) Low: libreoffice security and bug fix update

2019-08-06 08:04:23

nessus

SUSE SLED15 / SLES15 Security Update : libreoffice (SUSE-SU-2019:2003-1)

2019-08-12 00:00:00

Scientific Linux Security Update : libreoffice on SL7.x x86_64 (20190806)

2019-08-27 00:00:00

SUSE SLED12 Security Update : LibreOffice (SUSE-SU-2019:1448-1)

2019-06-10 00:00:00

debiancve

CVE-2018-16858

2019-03-25 18:29:00

CVE-2019-9852

2019-08-15 22:15:22

metasploit

LibreOffice Macro Code Execution

2019-04-12 19:01:29

LibreOffice Macro Python Code Execution

2019-07-30 21:07:20

openvas

SUSE: Security Advisory (SUSE-SU-2019:1894-1)

2021-06-09 00:00:00

Mageia: Security Advisory (MGASA-2019-0102)

2022-01-28 00:00:00

Apache OpenOffice Remote Code Execution Vulnerability (Feb 2019) - Windows

2019-02-07 00:00:00

centos

autocorr, libreoffice, libreofficekit security update

2019-08-30 03:27:17

osv

libreoffice - security update

2019-02-08 00:00:00

CVE-2018-16858

2019-03-25 18:29:00

libreoffice - security update

2019-02-02 00:00:00

cve

CVE-2018-16858

2019-03-25 18:29:00

CVE-2019-9852

2019-08-15 22:15:22

suse

Security update for LibreOffice (moderate)

2019-08-18 00:00:00

ubuntucve

CVE-2018-16858

2019-02-04 00:00:00

CVE-2019-9852

2019-08-15 00:00:00

zdt

LibreOffice 6.0.7 / 6.1.3 - Macro Code Execution Exploit

2019-04-18 00:00:00

LibreOffice < 6.2.6 Macro - Python Code Execution Exploit

2019-08-21 00:00:00

debian

[SECURITY] [DSA 4381-1] libreoffice security update

2019-02-02 18:24:32

[SECURITY] [DLA 1669-1] libreoffice security update

2019-02-08 21:29:11

[SECURITY] [DSA 4501-1] libreoffice security update

2019-08-15 20:05:33

kaspersky

KLA11407 ACE vulnerability in LibreOffice

2019-02-01 00:00:00

packetstorm

LibreOffice Macro Code Execution

2019-04-17 00:00:00

LibreOffice Macro Python Code Execution

2019-08-20 00:00:00

oraclelinux

libreoffice security and bug fix update

2019-08-13 00:00:00

attackerkb

LibreOffice Macro Code Execution

2019-03-25 00:00:00

checkpoint_advisories

LibreOffice and Openoffice Remote Code Execution (CVE-2018-16858)

2019-02-04 00:00:00

mageia

Updated libreoffice packages fix security vulnerability

2019-02-22 04:08:50

Updated libreoffice packages fix security vulnerabilities

2019-11-30 16:06:06

veracode

Directory Traversal

2019-08-08 00:07:51

redhatcve

CVE-2018-16858

2019-02-03 03:49:24

CVE-2019-9852

2019-08-23 04:52:13

nvd

CVE-2018-16858

2019-03-25 18:29:00

CVE-2019-9852

2019-08-15 22:15:22

cvelist

CVE-2018-16858

2019-03-25 17:43:08

CVE-2019-9852 Insufficient URL encoding flaw in allowed script location check

2019-08-15 00:00:00

exploitdb

LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit)

2019-04-18 00:00:00

LibreOffice < 6.2.6 Macro - Python Code Execution (Metasploit)

2019-08-21 00:00:00

alpinelinux

CVE-2019-9852

2019-08-15 22:15:22

fedora

[SECURITY] Fedora 28 Update: libreoffice-6.0.7.3-1.fc28

2019-02-08 02:31:05

prion

Directory traversal

2019-08-15 22:15:00

exploitpack

LibreOffice 6.2.6 Macro - Python Code Execution (Metasploit)

2019-08-21 00:00:00

ubuntu

LibreOffice vulnerabilities

2019-02-06 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.8 High

AI Score

Confidence

High

0.963 High

EPSS

Percentile

99.6%

JSON

Related for PRION:CVE-2018-16858