RCE in LibreOffice and OpenOffice via the Apache UNO API

LibreOffice and OpenOffice are vulnerable to RCE via the Apache UNO API if either program is running as a listener on the host machine. Recent assessments: space-r7 at September 12, 2019 6:07pm UTC reported: Details The soffice binary allows passing arguments in order to listen on a host ip and...

Apache UNO API Remote Code Execution Vulnerability

When Apache OpenOffice and LibreOffice are spawn as an office server, they bind an Apache UNO API that allows for remote code execution. Dear reader, I am not sure if I am contacting through the right email address but someone said I should e-mail you guys. I found an RCE functionality in the...