VDB

CVE-2018-16858

CVE-2018-16858 PUBLISHED

It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.

EPSS 92.34% · 99.7th percentile

Risk Scores

EPSS Score
92.34%
99.7th percentile

Affected Products

VendorProductVersions
Ubuntu:14.04:LTSlibreoffice*, 1:4.1.3-0ubuntu2, 1:4.1.3-0ubuntu3
Ubuntu:16.04:LTSlibreoffice1:5.0.2-0ubuntu5, 1:5.0.2-0ubuntu8, 1:5.1.0~rc3-0ubuntu2

Exploit Intelligence

…and 65 more exploits

Timeline

  • Feb 3, 2019 CVE Published
  • Feb 7, 2019 PoC Published
  • Apr 18, 2019 PoC Published
  • Aug 21, 2019 PoC Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Jul 27, 2021 PoC Published
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 2, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›