CVE-2019-9852 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2019-9852?

CVE-2019-9852 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-9852?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Debian Debian Linux, Fedoraproject Fedora, Opensuse Leap, Libreoffice Libreoffice.

Vulnerability Description

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Canonical	Ubuntu Linux	16.04
Debian	Debian Linux	8.0
Fedoraproject	Fedora	29
Opensuse	Leap	15.0
Libreoffice	Libreoffice	< 6.2.6

Related Weaknesses (CWE)

CWE-22 CWE-116

References

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00005.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://seclists.org/bugtraq/2019/Aug/28Issue TrackingMailing ListThird Party Advisory
https://seclists.org/bugtraq/2019/Sep/17Mailing ListThird Party Advisory
https://usn.ubuntu.com/4102-1/Third Party Advisory
https://www.debian.org/security/2019/dsa-4501Third Party Advisory
https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9852PatchVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00005.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://seclists.org/bugtraq/2019/Aug/28Issue TrackingMailing ListThird Party Advisory
https://seclists.org/bugtraq/2019/Sep/17Mailing ListThird Party Advisory

FAQ

What is CVE-2019-9852?

CVE-2019-9852 is a vulnerability with a CVSS score of 7.8 (HIGH). LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to s...

How severe is CVE-2019-9852?

CVE-2019-9852 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-9852?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Debian Debian Linux, Fedoraproject Fedora, Opensuse Leap, Libreoffice Libreoffice.