CVE-2018-6871
published 2018-02-09CVE-2018-6871: LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the…
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | libreoffice | < libreoffice 1:6.0.1-1 (bookworm) | libreoffice 1:6.0.1-1 (bookworm) |
| libreoffice | libreoffice | < 5.4.5 | 5.4.5 |
| libreoffice | libreoffice | — | — |
| libreoffice | libreoffice | >= 0 < 1:6.0.1-1 | 1:6.0.1-1 |
| libreoffice | libreoffice | >= 0 < 1:6.0.1-1 | 1:6.0.1-1 |
| libreoffice | libreoffice | >= 0 < 1:6.0.1-1 | 1:6.0.1-1 |
| libreoffice | libreoffice | >= 0 < 1:6.0.1-1 | 1:6.0.1-1 |
| libreoffice | libreoffice | >= 0 < 1:4.2.8-0ubuntu5.3 | 1:4.2.8-0ubuntu5.3 |
| libreoffice | libreoffice | >= 0 < 1:5.1.6~rc2-0ubuntu1~xenial3 | 1:5.1.6~rc2-0ubuntu1~xenial3 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL