Skip to content
Apache UNO API Remote Code Execution
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Apache UNO API Remote Code Execution

PoC script to show the ability to execute code remotely using the Apache UNO API.

The RCE is present in Windows and Linux distributions that are running the StarOffice manager.

HackDefense Advisory

Finding the RCE


You will need to install the PyNO library on the machine that you want to execute the script on, this can be done by issueing the following command:

sudo apt-get install python3-uno

The target machine needs to run the StarOffice manager for the RCE to be present. The presence of the StarOffice manager that is externally reachable can be tested by looking at the banner:



The script accepts the following parameters:

  • --host the host to connect to
  • --port the port that the StarOffice manager instance is running on

Example --host --port 2083
You can’t perform that action at this time.