118 matches found
DEBIAN-CVE-2022-3140
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...
CVE-2022-26305
An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the...
CVE-2022-27176
The CVE-2022-27176 issue concerns incomplete filtering of special elements in RevoWorks components (SCVX, Browser, Desktop) using the File Sanitization Library/Option. The underlying problem is incomplete filtering that fails to detect/remove Microsoft Excel 4.0 macros, enabling a user to downloa...
Dridex affiliate dresses up as Scrooge
Threat actors are hoping to catch a few more victims before they leave work for the Christmas holidays. The recent malicious spam campaigns malspam we and others have observed appear to have been created by someone who wants to play Scrooge and add onto peoples already heightened state of anxiety...
Microsoft Outlook Users Targeted By Gamaredon's New VBA Macro
The Gamaredon threat group has given its post-compromise toolset a facelift with the addition of a new Visual Basic for Applications VBA macro. The VBA macro leverages compromised victims’ Microsoft Outlook email accounts to send spear-phishing emails to their contacts – rapidly widening the...
COVID-Themed Lures Target SCADA Sectors With Data Stealing Malware
A new malware campaign has been found using coronavirus-themed lures to strike government and energy sectors in Azerbaijan with remote access trojans RAT capable of exfiltrating sensitive documents, keystrokes, passwords, and even images from the webcam. The targeted attacks employ Microsoft Word...
libreoffice: Unsafe URL assembly flaw in allowed script location check
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...
libreoffice: Insufficient URL decoding flaw in categorizing macro location
LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in...
CVE-2019-9853
LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in...
Automatic macro execution bug in Office Mac _when_ macros are disabled
A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka ‘Microsoft Office Excel Security Feature Bypass’. Recent assessments: busterb at November 14, 2019 10:37pm UTC reported: Saw this on Patrick Wardle’s twitter accou...
EulerOS 2.0 SP5 : libreoffice (EulerOS-SA-2019-2169)
According to the version of the libreoffice packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over,...
CVE-2019-9853
LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in...
UBUNTU-CVE-2019-9853
LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in...
Design/Logic Flaw
LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in...
CVE-2019-9853
LibreOffice: CVE-2019-9853 — A URL decoding flaw in how macro URLs are processed and categorized lets an attacker craft a document that bypasses macro security settings, enabling arbitrary macro execution. Affected versions: LibreOffice 6.2 before 6.2.7 and 6.3 before 6.3.1. Remediation: update t...
CVE-2019-9854
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...
CVE-2019-9854
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...
DEBIAN-CVE-2019-9854
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...
CVE-2019-9854
CVE-2019-9854 affects LibreOffice before 6.2.7 and before 6.3.1. Root cause: an insufficient URL assembly in the final script location from path components allowed bypassing the sanitized path verification, enabling a directory-traversal-style bypass for pre-installed macros script locations. Imp...
UBUNTU-CVE-2019-9854
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...