Lucene search

Kaspersky LabKLA73438

HistorySep 17, 2024 - 12:00 a.m.

KLA73438 SB vulnerability in LibreOffice

2024-09-1700:00:00

Kaspersky Lab

threats.kaspersky.com

libreoffice

vulnerability

security bypass

exploitation

cve-2024-7788

update

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

JSON

Security bypass vulnerability was found in LibreOffice. Malicious users can exploit this vulnerability to bypass security restrictions.

Original advisories

CVE-2024-7788: Signatures in “repair mode” should not be trusted

Related products

LibreOffice

CVE list

CVE-2024-7788 warning

Solution

Update to the latest version

Download LibreOffice

Impacts

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

LibreOffice 24.2.x earlier than 24.2.5LibreOffice 24.8.x earlier than 24.8.0

References

statistics.securelist.com/

threats.kaspersky.com/en/product/LibreOffice/

www.libreoffice.org/about-us/security/advisories/cve-2024-7788/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

JSON

Related for KLA73438