CVE-2019-9855

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00055.html	Mailing List Third Party Advisory
https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9855/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:libreoffice:libreoffice::::::::
	cpe:2.3:a:libreoffice:libreoffice::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:opensuse:leap:15.0:::::::*
	cpe:2.3:o:opensuse:leap:15.1:::::::*

History

No history.

Information

Published : 2019-09-06 19:15

Updated : 2024-02-28 17:08

NVD link : CVE-2019-9855

Mitre link : CVE-2019-9855

CVE.ORG link : CVE-2019-9855

JSON object : View

Products Affected

libreoffice

libreoffice

opensuse

leap

microsoft

windows

CWE

CWE-417

Communication Channel Errors

{"id": "CVE-2019-9855", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-09-06T19:15:12.073", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@documentfoundation.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00055.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@documentfoundation.org"}, {"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9855/", "tags": ["Vendor Advisory"], "source": "security@documentfoundation.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-417"}]}], "descriptions": [{"lang": "en", "value": "LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1."}, {"lang": "es", "value": "LibreOffice es com\u00fanmente paquetizado con LibreLogo, un script de gr\u00e1ficos vectoriales turtle programable, que puede ejecutar comandos de python arbitrarios contenidos con el documento desde que es activado. LibreOffice tambi\u00e9n presenta una funcionalidad en la que los documentos pueden especificar que los scripts preinstalados pueden ser ejecutados en varios eventos de script de documentos, tales como mouse-over, etc. La protecci\u00f3n fue agregada para bloquear la llamada a LibreLogo desde los manejadores de eventos de script. Sin embargo, un fallo en el manejo de la equivalencia de ruta de Windows versi\u00f3n 8.3 dej\u00f3 a LibreOffice vulnerable bajo Windows que un documento podr\u00eda desencadenar la ejecuci\u00f3n de LibreLogo por medio del seud\u00f3nimo del nombre de archivo de Windows. Este problema afecta a: Document Foundation LibreOffice versiones 6.2 anteriores a 6.2.7; versiones 6.3 anteriores a 6.3.1."}], "lastModified": "2022-10-14T02:55:59.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C5282A5-6EF5-4458-A35E-F688C6751B37", "versionEndExcluding": "6.2.7", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F9A03CA-E4B2-4935-9E97-A5772DC4DE93", "versionEndExcluding": "6.3.1", "versionStartIncluding": "6.3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"}], "operator": "OR"}]}], "sourceIdentifier": "security@documentfoundation.org"}