Vulnerability Details : CVE-2019-9851
Public exploit exists!
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
Vulnerability category: Input validation
Products affected by CVE-2019-9851
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-9851
96.58%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2019-9851
-
LibreOffice Macro Python Code Execution
Disclosure Date: 2019-07-16First seen: 2020-04-26exploit/multi/fileformat/libreoffice_logo_execLibreOffice comes bundled with sample macros written in Python and allows the ability to bind program events to them. LibreLogo is a macro that allows a program event to execute text as Python code, allowing RCE. This module generates an ODT file with a dom loaded
CVSS scores for CVE-2019-9851
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2019-9851
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-9851
-
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html
[security-announce] openSUSE-SU-2019:2183-1: moderate: Security update fMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html
[security-announce] openSUSE-SU-2019:2057-1: important: Security updateMailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/154168/LibreOffice-Macro-Python-Code-Execution.html
LibreOffice Macro Python Code Execution ≈ Packet StormThird Party Advisory;VDB Entry
-
https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html
[SECURITY] [DLA 1947-1] libreoffice security updateMailing List;Third Party Advisory
-
https://seclists.org/bugtraq/2019/Aug/28
Bugtraq: [SECURITY] [DSA 4501-1] libreoffice security updateMailing List;Third Party Advisory
-
https://usn.ubuntu.com/4102-1/
USN-4102-1: LibreOffice vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://www.debian.org/security/2019/dsa-4501
Debian -- Security Information -- DSA-4501-1 libreofficeThird Party Advisory
-
https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9851
CVE-2019-9851 | LibreOffice - Free Office Suite - Fun Project - Fantastic PeopleVendor Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/
[SECURITY] Fedora 29 Update: libreoffice-6.1.6.3-3.fc29 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
Jump to