Vulnerability CVE-2019-9851


Published: 2019-08-15

Description:
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.

Type:

CWE-20

(Improper Input Validation)

Vendor: Debian
Product: Debian linux 
Version: 9.0;
Vendor: Libreoffice
Product: Libreoffice 
Version:
6.2.5
6.2.4.2
6.2.4.1
6.2.4
6.2.3.2
6.2.3.1
6.2.3
6.2.2.2
6.2.2.1
6.2.1.2
6.2.1.1
6.2.0.3
6.2.0.2
6.2.0.1
6.2.0.0
6.2.0
6.2
6.1.6.3
6.1.6.2
6.1.6.1
6.1.6
6.1.5.2
6.1.5.1
6.1.4.2
6.1.4.1
6.1.3.2
6.1.3.1
6.1.2.1
6.1.1.2
6.1.1.1
6.1.0.3
6.1.0.2
6.1.0.1
6.1.0.0
6.1.0
6.1
6.0.7.3
6.0.7.2
6.0.7.1
6.0.6.2
6.0.6.1
6.0.6
6.0.5.2
6.0.5.1
6.0.5
6.0.4.2
6.0.4.1
6.0.3.2
6.0.3.1
6.0.3
6.0.2.1
6.0.1.1
6.0.0.3
6.0.0.2
6.0.0.1
6.0.0.0
6.0.0
5.4.7.2
5.4.7.1
5.4.6.2
5.4.6.1
5.4.5.1
5.4.5
5.4.4.2
5.4.4.1
5.4.3.2
5.4.3.1
5.4.2.2
5.4.2.1
5.4.1.2
5.4.1.1
5.4.0.3
5.4.0.2
5.4.0.1
5.4.0.0
5.3.7.2
5.3.7.1
5.3.6.1
5.3.5.2
5.3.5.1
5.3.4.2
5.3.4.1
5.3.3.2
5.3.3.1
5.3.2.2
5.3.2.1
5.3.1.2
5.3.1.1
5.3.0.3
5.3.0.2
5.3.0.1
5.3.0.0
5.2.7.2
5.2.7.1
5.2.6.2
5.2.6.1
5.2.6
5.2.5.1
5.2.4.2
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html
http://packetstormsecurity.com/files/154168/LibreOffice-Macro-Python-Code-Execution.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/
https://seclists.org/bugtraq/2019/Aug/28
https://usn.ubuntu.com/4102-1/
https://www.debian.org/security/2019/dsa-4501
https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9851

Related CVE
CVE-2019-9853
LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the docume...
CVE-2019-9855
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify tha...
CVE-2019-9854
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Script...
CVE-2019-9852
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Script...
CVE-2019-9850
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify tha...
CVE-2019-9849
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include rem...
CVE-2019-9848
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, w...
CVE-2019-9847
A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable ...

Copyright 2019, cxsecurity.com

 

Back to Top