HTTP: LibreOffice Macro Event Remote Code Execution
This signature detects attempts to exploit a known vulnerability against LibreOffice. A Successful exploitation could result in arbitrary code execution under the security context of the user.
Extended Description
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.
Affected Products
Libreoffice libreoffice
Short Name
HTTP:STC:CVE-2018-16858-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2018-16858 Code Event Execution LibreOffice Macro Remote bid:106837
Release Date
02/25/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Libreoffice
CVSS Score
7.5