Vulnerability CVE-2018-10583


Published: 2018-05-01

Description:
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.

Type:

CWE-200

(Information Exposure)

Vendor: Debian
Product: Debian linux 
Version:
9.0
8.0
7.0
Vendor: Libreoffice
Product: Libreoffice 
Version: 6.0.3;
Vendor: Apache
Product: Openoffice 
Version: 4.1.5;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/
https://access.redhat.com/errata/RHSA-2018:3054
https://security-tracker.debian.org/tracker/CVE-2018-10583
https://usn.ubuntu.com/3883-1/
https://www.exploit-db.com/exploits/44564/

Related CVE
CVE-2018-20242
A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking.
CVE-2018-11803
Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.
CVE-2018-11760
When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.
CVE-2018-11790
When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation.
CVE-2019-0190
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server ve...
CVE-2018-17199
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session...
CVE-2017-17836
In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, weather it be via XSS or by leaving a machine unlo...
CVE-2017-17835
In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.

Copyright 2019, cxsecurity.com

 

Back to Top