CVE-2019-9847
published 2019-05-09CVE-2019-9847: A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable…
PriorityP336high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
1.01%
58.6th percentile
A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. This issue affects: All LibreOffice Windows and macOS versions prior to 6.1.6; LibreOffice Windows and macOS versions in the 6.2 series prior to 6.2.3.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libreoffice | — | — |
| document_foundation | libreoffice | >= unspecified < 6.1.6 | 6.1.6 |
| document_foundation | libreoffice | >= unspecified < 6.2.3 | 6.2.3 |
| libreoffice | libreoffice | < 6.1.6 | 6.1.6 |
| libreoffice | libreoffice | >= 6.2 < 6.2.3 | 6.2.3 |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_debian7.8LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2019-9847: libreoffice - A vulnerability in LibreOffice hyperlink processing allows an attacker to constr...
vendor_debian·2019·CVSS 7.8
CVE-2019-9847 [HIGH] CVE-2019-9847: libreoffice - A vulnerability in LibreOffice hyperlink processing allows an attacker to constr...
A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. This issue affects: All LibreOffice Windows and macOS versions prior to 6.1.6; LibreOffice Windows and macOS versions in the 6.2 series prior to 6.2.3.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-cxqx-7gmj-4vg7: A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an exe
ghsa_unreviewed·2022-05-24
CVE-2019-9847 [HIGH] CWE-20 GHSA-cxqx-7gmj-4vg7: A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an exe
A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. This issue affects: All LibreOffice Windows and macOS versions prior to 6.1.6; LibreOffice Windows and macOS versions in the 6.2 series prior to 6.2.3.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-05-09
Published