CVE-2018-16858

Scores

EPSS

0.923high92.3%

0%20%40%60%80%100%

Percentile: 92.3%

CVSS

7.8high3.x

0246810

CVSS Score: 7.8/10

All CVSS Scores

CVSS 3.x

7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

astradebiannvdredhatubuntu

CWEs

CWE-356

Related Vulnerabilities

BDU:2019-00786

Exploits

Exploit ID: 46727

Source: exploitdb

URL: https://www.exploit-db.com/exploits/46727

Exploit ID: CVE-2018-16858

Source: github-poc

URL: https://github.com/Henryisnotavailable/CVE-2018-16858-Python

Vulnerable Software (28)

Type: Configuration

Product: LibreOffice

Operating System: altlinux

Trait:

{  "fixed": "0:6.1.3.1-alt1"}

Source: redhat

Type: Configuration

Product: LibreOffice-common

Operating System: altlinux

Trait:

{  "fixed": "0:6.1.3.1-alt1"}

Source: redhat

Type: Configuration

Product: LibreOffice-extensions

Operating System: altlinux

Trait:

{  "fixed": "0:6.1.3.1-alt1"}

Source: redhat

Type: Configuration

Product: LibreOffice-gtk

Operating System: altlinux

Trait:

{  "fixed": "0:6.1.3.1-alt1"}

Source: redhat

Type: Configuration

Product: LibreOffice-gtk3

Operating System: altlinux

Trait:

{  "fixed": "0:6.1.3.1-alt1"}

Source: redhat

Type: Configuration

Product: LibreOffice-integrated

Operating System: altlinux

Trait:

{  "fixed": "0:6.1.3.1-alt1"}

Source: redhat

Type: Configuration

Product: LibreOffice-kde4

Operating System: altlinux

Trait:

{  "fixed": "0:6.1.3.1-alt1"}

Source: redhat

Type: Configuration

Product: LibreOffice-langpack-be

Operating System: altlinux

Trait:

{  "fixed": "0:6.1.3.1-alt1"}

Source: redhat

Type: Configuration

Product: LibreOffice-langpack-de

Operating System: altlinux

Trait:

{  "fixed": "0:6.1.3.1-alt1"}

Source: redhat

Type: Configuration

Product: LibreOffice-langpack-es

Operating System: altlinux

Trait:

{  "fixed": "0:6.1.3.1-alt1"}

Source: redhat

Type: Configuration

Product: LibreOffice-langpack-fr

Operating System: altlinux

Trait:

{  "fixed": "0:6.1.3.1-alt1"}

Source: redhat

Type: Configuration

Product: LibreOffice-langpack-kk

Operating System: altlinux

Trait:

{  "fixed": "0:6.1.3.1-alt1"}

Source: redhat

Type: Configuration

Product: LibreOffice-langpack-pt-BR

Operating System: altlinux

Trait:

{  "fixed": "0:6.1.3.1-alt1"}

Source: redhat

Type: Configuration

Product: LibreOffice-langpack-ru

Operating System: altlinux

Trait:

{  "fixed": "0:6.1.3.1-alt1"}

Source: redhat

Type: Configuration

Product: LibreOffice-langpack-tt

Operating System: altlinux

Trait:

{  "fixed": "0:6.1.3.1-alt1"}

Source: redhat

Type: Configuration

Product: LibreOffice-langpack-uk

Operating System: altlinux

Trait:

{  "fixed": "0:6.1.3.1-alt1"}

Source: redhat

Type: Configuration

Product: LibreOffice-mimetypes

Operating System: altlinux

Trait:

{  "fixed": "0:6.1.3.1-alt1"}

Source: redhat

Type: Configuration

Product: LibreOffice-sdk

Operating System: altlinux

Trait:

{  "fixed": "0:6.1.3.1-alt1"}

Source: redhat

Type: Configuration

Product: libreoffice

Operating System: ubuntu cosmic 18.10

Trait:

{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: libreoffice

Operating System: ubuntu trusty 14.04

Trait:

{  "fixed": "1:4.2.8-0ubuntu5.5"}

Source: ubuntu

Russian Vulnerability Scanner Database

CVE-2018-16858

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Related Vulnerabilities

Exploits

Vulnerable Software (28)