LibreLogo global-event script execution
CVE-2019-9851

9.8CRITICAL

Key Information:

Vendor

Document Foundation

Status
Libreoffice
Vendor
CVE Published:
15 August 2019

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 85%

What is CVE-2019-9851?

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.

Affected Version(s)

LibreOffice < 6.2.6

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2019-9851
Created by Rapid7

References

https://www.libreoffice.org/about-us/security/advisories/...
x_refsource_CONFIRM
https://seclists.org/bugtraq/2019/Aug/28
mailing-listx_refsource_BUGTRAQ
https://www.debian.org/security/2019/dsa-4501
vendor-advisoryx_refsource_DEBIAN

EPSS Score

85% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability Reserved

Credit

Thanks to Gabriel Masei of 1&1 for discovering and reporting this issue
JSON
.