cbcvebase.
CVE-2018-10583
published 2018-05-01

CVE-2018-10583: An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection…

high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EXPLOIT
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.

Affected

13 ranges
VendorProductVersion rangeFixed in
apacheopenoffice
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debiandebian_linux
debiandebian_linux
debianlibreoffice
libreofficelibreoffice
libreofficelibreoffice>= 0 < 1:4.2.8-0ubuntu5.51:4.2.8-0ubuntu5.5
libreofficelibreoffice>= 0 < 1:5.1.6~rc2-0ubuntu1~xenial61:5.1.6~rc2-0ubuntu1~xenial6
redhatenterprise_linux_desktop
redhatenterprise_linux_server
redhatenterprise_linux_workstation

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv7.8HIGH