mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
1.4 KiB
1.4 KiB
CVE-2018-16858
Description
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.
POC
Reference
- http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html
- https://www.exploit-db.com/exploits/46727/
Github
- https://github.com/0xT11/CVE-POC
- https://github.com/4nimanegra/libreofficeExploit1
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Henryisnotavailable/CVE-2018-16858-Python
- https://github.com/NextronSystems/valhallaAPI
- https://github.com/bantu2301/CVE-2018-16858
- https://github.com/irsl/apache-openoffice-rce-via-uno-links
- https://github.com/litneet64/containerized-bomb-disposal
- https://github.com/nhthongDfVn/File-Converter-Exploit
- https://github.com/phongld97/detect-cve-2018-16858