Lucene search

K
kasperskyKaspersky LabKLA49330
HistoryMay 24, 2023 - 12:00 a.m.

KLA49330 Multiple vulnerabilities in LibreOffice

2023-05-2400:00:00
Kaspersky Lab
threats.kaspersky.com
16
libreoffice
vulnerabilities
exploits
security restrictions
code execution
update
advisories
ace
versions 7.4.7
7.5.x

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

34.2%

Multiple vulnerabilities were found in LibreOffice. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Improper Access Control vulnerability in IFrame can be exploited to bypass security restrictions.
  2. Improper Validation of Array Index vulnerability in Calc Formula Parsing can be exploited remotely to execute arbitrary code.

Original advisories

Array Index UnderFlow in Calc Formula Parsing

Remote documents loaded without prompt via IFrame

Exploitation

Public exploits exist for this vulnerability.

Related products

LibreOffice

CVE list

CVE-2023-2255 high

CVE-2023-0950 critical

Solution

Update to the latest version

Download LibreOffice

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • LibreOffice earlier than 7.4.7LibreOffice 7.5.x earlier than 7.5.3

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

34.2%