Published: 09/05/2019 Updated: 08/09/2021

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

A vulnerability in LibreOffice hyperlink processing allows an malicious user to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. This issue affects: All LibreOffice Windows and macOS versions before 6.1.6; LibreOffice Windows and macOS versions in the 6.2 series before 6.2.3.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libreoffice libreoffice

Apache OpenOffice RCE (CVE-2020-13958) Summary Apache OpenOffice 4 (including 417, the latest version tested) is vulnerable to remote code execution; if a victim is convinced to open a crafted odt document on Windows, attackers could gain full control over their computer The vulnerability The problem is, the product does not handle script:event-listener handlers as macro ex

CWE-20 https://www.libreoffice.org/about-us/security/advisories/cve-2019-9847/https://nvd.nist.gov https://github.com/irsl/apache-openoffice-rce-via-uno-links

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-9847

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect