LibreOffice - LibreLogo arbitrary script execution (CVE-2019-9848) #12103

Closed
bcoles opened this issue Jul 18, 2019 · 1 comment · Fixed by #12207

@bcoles (Contributor) commented Jul 18, 2019

Given that a few LibreOffice / OpenOffice modules have been added to the framework, it might be useful to also add this, as execution is silent and apparently does not require user interaction (although perhaps a mousemove event may be required to trigger).

By using the document event feature to trigger LibreLogo to execute Python contained within a document, a malicious document could be constructed which would execute arbitrary Python commands silently without warning.
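A defender-side check for the binding described in the comment above, as an added example that is not part of the original issue: it scans an ODF file's XML parts for event listeners whose script URI points at LibreLogo. The sample documents, the `PLACEHOLDER` script name, the event name and the function names `find_librelogo_bindings` and `make_sample` are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

OFFICE_NS = "urn:oasis:names:tc:opendocument:xmlns:office:1.0"
SCRIPT_NS = "urn:oasis:names:tc:opendocument:xmlns:script:1.0"
XLINK_NS = "http://www.w3.org/1999/xlink"
LISTENER = f"{{{SCRIPT_NS}}}event-listener"


def find_librelogo_bindings(odf_bytes):
    """Return (part, event_name, href) for each event listener bound to LibreLogo."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as zf:
        for part in ("content.xml", "styles.xml"):
            if part not in zf.namelist():
                continue
            # For untrusted files at scale, a hardened parser (e.g. defusedxml) is preferable.
            root = ET.fromstring(zf.read(part))
            for el in root.iter(LISTENER):
                href = el.get(f"{{{XLINK_NS}}}href", "")
                low = href.lower()
                if low.startswith("vnd.sun.star.script:") and "librelogo" in low:
                    hits.append((part, el.get(f"{{{SCRIPT_NS}}}event-name", ""), href))
    return hits


def make_sample(href):
    """Build a minimal, constructed ODF-like zip holding one event listener."""
    content = (
        f'<office:document-content xmlns:office="{OFFICE_NS}" '
        f'xmlns:script="{SCRIPT_NS}" xmlns:xlink="{XLINK_NS}">'
        "<office:body><office:event-listeners>"
        '<script:event-listener script:language="ooo:script" '
        f'script:event-name="dom:mouseover" xlink:href="{escape(href)}"/>'
        "</office:event-listeners></office:body></office:document-content>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed hrefs: the first uses a placeholder script name, the second is an ordinary macro.
    flagged = "vnd.sun.star.script:LibreLogo|PLACEHOLDER?language=Python&location=share"
    benign = "vnd.sun.star.script:Standard.Module1.Main?language=Basic&location=document"
    print(find_librelogo_bindings(make_sample(flagged)))
    print(find_librelogo_bindings(make_sample(benign)))
```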

@bcoles (Contributor, Author) commented Aug 2, 2019

#12147
