Join GitHub today
Add Libreoffice macro exec exploit module #11729
This module exploits a directory traversal vulnerability in LibreOffice
LibreOffice comes bundled with sample macros written in Python and allows the ability to bind program events to them. A macro can be tied to a program event by including the script that contains the macro and the function name to be executed. Additionally, a directory traversal vulnerability exists in the component that references the Python script to be executed. This allows a program event to execute functions from Python scripts relative to the path of the samples macros folder. The
This module generates an ODT file with a mouse over event that when triggered, will execute arbitrary code. Tested on LibreOffice versions
Executing a default payload in this context hangs LibreOffice, if the payload does not return execution to the script. I think setting PrependMigrate / PrependFork is a must for any native payloads. Would it make sense to have that automatically configured by the module?
That makes sense to me. Thank you!
Apr 17, 2019
The multi/fileformat/libreoffice_macro_exec exploit module has been added to the framework. This module exploits a directory traversal vulnerability in LibreOffice v6.1.0-126.96.36.199 that enables remote code execution by running sample macros bundled with the suite.